CVE-2026-25500 | Rack up to 2.2.21/3.1.19/3.2.4 Rack::Directory cross site scripting

Inserito da Angelo Barbosa | Feb 18, 2026 | CVE

A vulnerability has been found in Rack up to 2.2.21/3.1.19/3.2.4 and classified as problematic. This vulnerability affects the function Rack::Directory. This manipulation causes cross site scripting.

This vulnerability is tracked as CVE-2026-25500. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-25500 | Rack up to 2.2.21/3.1.19/3.2.4 Rack::Directory cross site scripting

Post correlati

CVE-2024-12950 | code-projects Travel Management System 1.0 /subcat.php catid sql injection

CVE-2024-47812 | miraheze ImportDump Special:RequestImportQueue Page cross site scripting (d054b95)

CVE-2025-12217 | Azure Access BLU-IC2/BLU-IC4 up to 1.19.5 SNMP default credentials

CVE-2024-2714 | Campcodes Complete Online DJ Booking System 1.0 booking-bwdates-reports-details.php fromdate sql injection