CVE-2026-34763
Rack: Rack::Directory info disclosure and DoS via unescaped regex interpolation
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, *, or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem path in the HTML output. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
| CWE | CWE-625 |
| Vendor | rack |
| Product | rack |
| Published | Apr 2, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for rack rack
Be the first to know when new medium vulnerabilities affecting rack rack are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
rack / rack
< 2.2.23 >= 3.0.0.beta1, < 3.1.21 >= 3.2.0, < 3.2.6