CVE-2026-34830 | Rack up to 2.2.22/3.1.20/3.2.5 Regular Expression Rack::Sendfile X-Accel-Mapping permissive regular expression (GHSA-qv7j-4883-hwh7)

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in Rack up to 2.2.22/3.1.20/3.2.5. It has been declared as problematic. Affected by this vulnerability is the function Rack::Sendfile of the component Regular Expression Handler. The manipulation of the argument X-Accel-Mapping results in permissive regular expression.

This vulnerability was named CVE-2026-34830. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-34830 | Rack up to 2.2.22/3.1.20/3.2.5 Regular Expression Rack::Sendfile X-Accel-Mapping permissive regular expression (GHSA-qv7j-4883-hwh7)

Post correlati

CVE-2024-8276 | WPZOOM Portfolio Lite Plugin up to 1.4.4 on WordPress cross site scripting

CVE-2024-10761 | Umbraco CMS 12.3.6 Dashboard frame?id{} culture cross site scripting

CVE-2024-21477 | Qualcomm Snapdragon up to X75 5G Modem-RF System 802.11az Fine Time Measurement Frame buffer over-read

CVE-2024-47053 | Mautic core up to 5.2.2 improper authorization