CVE-2026-26961 | Rack up to 2.2.22/3.1.20/3.2.5 Content-Type Header Rack::Multipart interpretation conflict (GHSA-vgpv-f759-9wx3)

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in Rack up to 2.2.22/3.1.20/3.2.5 and classified as problematic. This impacts the function Rack::Multipart of the component Content-Type Header Handler. Executing a manipulation can lead to interpretation conflict.

This vulnerability is handled as CVE-2026-26961. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.

CVE-2026-26961 | Rack up to 2.2.22/3.1.20/3.2.5 Content-Type Header Rack::Multipart interpretation conflict (GHSA-vgpv-f759-9wx3)

Post correlati

CVE-2025-22823 | Justin Twerdy Genesis Style Shortcodes Plugin up to 1.0 on WordPress cross site scripting

CVE-2024-31371 | Xylus Themes WP Event Aggregator Plugin up to 1.7.6 on WordPress cross-site request forgery

CVE-2024-46328 | Vonets VAP11G-300 3.3.23.6.9 hard-coded credentials

CVE-2026-32293 | GL-iNet Comet KVM up to 1.7.1 certificate validation