7.5
CVE-2026-22860
- EPSS 0.67%
- Veröffentlicht 18.02.2026 18:45:02
- Zuletzt bearbeitet 30.06.2026 03:17:29
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Rack has a Directory Traversal via Rack:Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.471 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-548 Exposure of Information Through Directory Listing
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
https://access.redhat.com/security/cve/CVE-2026-22860
https://bugzilla.redhat.com/show_bug.cgi?id=2440737
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22860.json