Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-34786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types agains...

5.3CVSS6.1AI score0.00195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:44 p.m.4 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.7AI score0.00195EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/02 4:44 p.m.22 views

CVE-2026-34786 Rack: Rack::Static header_rules bypass via URL-encoded paths

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS0.00195EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/02 4:44 p.m.5 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.3AI score0.00195EPSS
Exploits0
Rows per page
Query Builder