6.7
CVE-2026-33271 -
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
6.7
CVE-2026-27774 -
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
6.7
CVE-2026-28728 -
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
5.9
CVE-2026-34830 - Rack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads thβ¦
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escβ¦
7.5
CVE-2026-34829 - Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transferβ¦
5.3
CVE-2026-34826 - Rack: Unbounded Range Count in get_byte_ranges Enables DoS
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds theβ¦
5.3
CVE-2026-34786 - Rack: Rack::Static header_rules bypass via URL-encoded paths
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request forβ¦
7.5
CVE-2026-34785 - Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with thβ¦
5.3
CVE-2026-34763 - Rack: Rack::Directory info disclosure and DoS via unescaped regex interpolation
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, *, or ., the prefix strippiβ¦
4.8
CVE-2026-34831 - Rack: Content-Length mismatch in Rack::Files error responses
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than thβ¦