Description

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

INFO

Published Date :

2026-02-18T18:45:02.095Z

Last Modified :

2026-02-18T19:28:38.445Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22860 vulnerability.

Vendors Products
Rack
  • Rack
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22860.

URL Resource
https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7 cve-icon cve-icon cve-icon
https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-22860 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-22860 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact