CVE-2026-34786 | Rack up to 2.2.22/3.1.20/3.2.5 Rack::Static incorrect behavior order: validate before canonicalize (GHSA-q4qf-9j86-f5mh)

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in Rack up to 2.2.22/3.1.20/3.2.5. It has been classified as problematic. Affected is the function Rack::Static. The manipulation leads to incorrect behavior order: validate before canonicalize.

This vulnerability is uniquely identified as CVE-2026-34786. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.

CVE-2026-34786 | Rack up to 2.2.22/3.1.20/3.2.5 Rack::Static incorrect behavior order: validate before canonicalize (GHSA-q4qf-9j86-f5mh)

Post correlati

CVE-2025-20082 | Intel Server D50DNP Board/Server M50FCP Board UEFI Firmware SmiVariable Driver toctou (intel-sa-01269)

CVE-2026-26023 | langgenius dify up to 1.12.x cross site scripting

CVE-2024-10435 | didi Super-Jacoco 1.0 /cov/triggerEnvCov uuid command injection

CVE-2024-13444 | wp-greet Plugin up to 6.2 on WordPress cross-site request forgery