
11 matches found

RedhatCVE
added 2026/04/03 12:28 p.m., 4 views

CVE-2026-26961

A flaw was found in Rack, a modular Ruby web server interface. A remote attacker can exploit a vulnerability in Rack::Multipart::Parser by crafting a Content-Type header with multiple boundary parameters. This allows the attacker to bypass security inspections performed by upstream proxies or Web...

CVSS 5.3, AI score 5.9, EPSS 0.00253
Exploits 0, References 4
EUVD
added 2026/04/02 8:30 p.m., 4 views

EUVD-2026-18368

Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass...

CVSS 3.7, AI score 5.8, EPSS 0.00253
Exploits 0, References 2
Github Security Blog
added 2026/04/02 8:30 p.m., 10 views

Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.

Summary: Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first. In deployments where an upstream proxy, WAF, or intermedia...

CVSS 5.3, AI score 5.9, EPSS 0.00253
Exploits 0, References 4, Affected Software 1
OSV
added 2026/04/02 8:30 p.m., 2 views

GHSA-VGPV-F759-9WX3 Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.

Summary: Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first. In deployments where an upstream proxy, WAF, or intermedia...

CVSS 5.3, AI score 5.9, EPSS 0.00253
Exploits 0, References 4
ATTACKERKB
added 2026/04/02 4:42 p.m., 7 views

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

CVSS 3.7, AI score 5.8, EPSS 0.00253
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/04/02 4:42 p.m., 2 views

CVE-2026-26961 Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

CVSS 3.7, AI score 5.8, EPSS 0.00253
Exploits 0, References 1
CVE
added 2026/04/02 4:42 p.m., 30 views

CVE-2026-26961

Rack vulnerable component: Rack::Multipart::Parser extracts multipart boundary from Content-Type using a greedy regex, causing last-boundary selection when multiple boundaries exist. This can allow smuggling of multipart content past upstream validation. Affected versions are before 2.2.23, 3.1.2...

CVSS 5.3, AI score 5.8, EPSS 0.00253
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/04/02 12:00 a.m., 4 views

PT-2026-29808

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.23, 3.1.21, and 3.2.6. Description: Rack’s Rack::Multipart::Parser uses a greedy regular expression to extract the boundary parameter from multipart/form-data. When a Content-Type header contains multiple boundary...

CVSS 7.5, AI score 5.9, EPSS 0.0043
Exploits 0, References 36
Positive Technologies
added 2026/04/02 12:00 a.m., 4 views

PT-2026-29925

Summary: Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first. In deployments where an upstream proxy, WAF, or intermedia...

CVSS 3.7, AI score 5.9, EPSS 0.00253
Exploits 0, References 4
CNVD
added 2025/09/28 12:00 a.m., 2 views

Unspecified Vulnerability in PyTorch (CNVD-2025-23280)

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from the bitwiserightshift function mishandling the boundary value of the OTHER parameter, which can be exploited by an attacker to cause an output error...

CVSS 5.3, AI score 6.5, EPSS 0.00423
Exploits 0, References 1
CNNVD
added 2024/03/18 12:00 a.m., 4 views

Amavis security breach

Amavis is a high-performance email content filtering framework written in Perl. A security vulnerability exists in Amavis versions prior to 2.12.3 and 2.13.x prior to 2.13.1, which stems from an interpretation conflict that may incorrectly check for prohibited files or malware when multiple...

CVSS 7.4, AI score 6.8, EPSS 0.00826
Exploits 0, References 7