CVE-2026-34830 | Rack up to 2.2.22/3.1.20/3.2.5 Regular Expression Rack::Sendfile X-Accel-Mapping permissive regular expression (GHSA-qv7j-4883-hwh7)

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability was found in Rack up to 2.2.22/3.1.20/3.2.5. It has been declared as problematic. Affected by this vulnerability is the function Rack::Sendfile of the component Regular Expression Handler. The manipulation of the argument X-Accel-Mapping results in permissive regular expression.

This vulnerability was named CVE-2026-34830. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-34830 | Rack up to 2.2.22/3.1.20/3.2.5 Regular Expression Rack::Sendfile X-Accel-Mapping permissive regular expression (GHSA-qv7j-4883-hwh7)

Post correlati

CVE-2025-11276 | Rebuild up to 4.1.3 Comment/Guestbook cross site scripting

CVE-2024-2377 | Hitachi Energy SDM600 prior 1.3.4.572 HTTP Response Header origin validation

CVE-2025-8708 | Antabot White-Jotter 0.22 com.gm.wj.config.ShiroConfiguration ShiroConfiguration.java CookieRememberMeManager deserialization

CVE-2023-50711 | vmm-sys-util prior 0.12.0 deserialization