CVE-2026-26961 | Rack up to 2.2.22/3.1.20/3.2.5 Content-Type Header Rack::Multipart interpretation conflict (GHSA-vgpv-f759-9wx3)

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in Rack up to 2.2.22/3.1.20/3.2.5 and classified as problematic. This impacts the function Rack::Multipart of the component Content-Type Header Handler. Executing a manipulation can lead to interpretation conflict.

This vulnerability is handled as CVE-2026-26961. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.

CVE-2026-26961 | Rack up to 2.2.22/3.1.20/3.2.5 Content-Type Header Rack::Multipart interpretation conflict (GHSA-vgpv-f759-9wx3)

Post correlati

CVE-2024-47126 | goTenna Pro Series up to 1.6.1 weak prng (icsa-24-270-04)

CVE-2024-55548 | ORing IAP-420 up to 2.01e improper check or handling of exceptional conditions

CVE-2024-21869 | Rapid SCADA up to 5.8.4 credentials storage (icsa-24-011-03)

CVE-2024-49506 | openSUSE Tumbleweed up to 1.0.1/1.2.3 temp file