Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2qba-a6bp-ryak
Vulnerability ID VCID-2qba-a6bp-ryak
Aliases CVE-2026-34785
GHSA-h2jq-g4cq-5ppq
Summary Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or "/css-backup.sql". As a result, files under the static root whose names merely share the configured prefix may be served unintentionally, leading to information disclosure. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-187 Partial String Comparison
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-552 Files or Directories Accessible to External Parties
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-34785
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-34785
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34785
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34785
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34785
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34785
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34785
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
cvssv3.1 7.5 https://github.com/rack/rack
generic_textual HIGH https://github.com/rack/rack
cvssv3.1 7.5 https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
cvssv3.1_qr HIGH https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
generic_textual HIGH https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
ssvc Track https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2026-34785
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-34785
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
https://api.first.org/data/v1/epss?cve=CVE-2026-34785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34785
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rack/rack
https://nvd.nist.gov/vuln/detail/CVE-2026-34785
2454486 https://bugzilla.redhat.com/show_bug.cgi?id=2454486
GHSA-h2jq-g4cq-5ppq https://github.com/advisories/GHSA-h2jq-g4cq-5ppq
GHSA-h2jq-g4cq-5ppq https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/rack/rack
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:58:57Z/ Found at https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-34785
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.08839
EPSS Score 0.00031
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-03T02:49:27.741713+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/34xxx/CVE-2026-34785.json 38.1.0