2 matches found
CVE-2026-22860
creationtimestamp| type| source ---|---|--- 2026-02-18 19:25:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5sn5tzvr2d 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
DEBIAN-CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...