CVE-2026-34763
CVE-2026-34763 affects Rack, a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root contains regex metacharacters (e.g., +, *...