Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1j61-5e8x-7fbd
Vulnerability ID VCID-1j61-5e8x-7fbd
Aliases CVE-2026-34829
GHSA-8vqr-qjwx-82mw
Summary Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size limit. For file parts, the uploaded body is written directly to a temporary file on disk rather than being constrained by the buffered in-memory upload limit. An unauthenticated attacker can therefore stream an arbitrarily large multipart file upload and consume unbounded disk space. This results in a denial of service condition for Rack applications that accept multipart form data. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-400 Uncontrolled Resource Consumption
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34829
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34829
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2026-34829
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2026-34829
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2026-34829
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2026-34829
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2026-34829
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-8vqr-qjwx-82mw
cvssv3.1 7.5 https://github.com/rack/rack
generic_textual HIGH https://github.com/rack/rack
cvssv3.1 7.5 https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
cvssv3.1_qr HIGH https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
generic_textual HIGH https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
ssvc Track https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2026-34829
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-34829
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
https://api.first.org/data/v1/epss?cve=CVE-2026-34829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34829
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rack/rack
https://nvd.nist.gov/vuln/detail/CVE-2026-34829
2454488 https://bugzilla.redhat.com/show_bug.cgi?id=2454488
GHSA-8vqr-qjwx-82mw https://github.com/advisories/GHSA-8vqr-qjwx-82mw
GHSA-8vqr-qjwx-82mw https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rack/rack
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:41:27Z/ Found at https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-34829
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.12659
EPSS Score 0.00041
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-03T02:49:31.081265+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/34xxx/CVE-2026-34829.json 38.1.0