Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-pbu7-4hdm-s3a6
Vulnerability ID VCID-pbu7-4hdm-s3a6
Aliases CVE-2026-34830
GHSA-qv7j-4883-hwh7
Summary Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex metacharacters and control the generated X-Accel-Redirect response header. In deployments using Rack::Sendfile with x-accel-redirect, this can allow an attacker to cause nginx to serve unintended files from configured internal locations. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-625 Permissive Regular Expression
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-34830
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-34830
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34830
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34830
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34830
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34830
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34830
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qv7j-4883-hwh7
cvssv3.1 5.9 https://github.com/rack/rack
generic_textual MODERATE https://github.com/rack/rack
cvssv3.1 5.9 https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
cvssv3.1_qr MODERATE https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
generic_textual MODERATE https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
ssvc Track https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2026-34830
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-34830
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
https://api.first.org/data/v1/epss?cve=CVE-2026-34830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34830
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rack/rack
https://nvd.nist.gov/vuln/detail/CVE-2026-34830
2454510 https://bugzilla.redhat.com/show_bug.cgi?id=2454510
GHSA-qv7j-4883-hwh7 https://github.com/advisories/GHSA-qv7j-4883-hwh7
GHSA-qv7j-4883-hwh7 https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/rack/rack
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:59:36Z/ Found at https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-34830
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.08839
EPSS Score 0.00031
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-03T02:49:26.479791+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/34xxx/CVE-2026-34830.json 38.1.0