CVE-2026-22860: Rack has a Directory Traversal via Rack::Directory
Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../root_example/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.
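The weakness described above, as an added illustration that is not Rack's own code and not the project's fix: a prefix check written directly on the expanded path string, placed beside a check that requires the expanded path to be the root itself or a descendant of it (root followed by a path separator). The root directory /srv/app/root and the sibling /srv/app/root_example are constructed for this example; the functions use only string operations and never touch the filesystem.

```ruby
# Constructed root for the example. The advisory's case is a sibling
# directory whose name begins with the root string (here
# /srv/app/root_example next to /srv/app/root).
ROOT = "/srv/app/root".freeze

# Weak check: a plain string prefix match on the expanded path.
# "/srv/app/root_example" starts with "/srv/app/root", so the sibling
# directory is wrongly accepted.
def weak_within_root?(root, path_info)
  expanded = File.expand_path(File.join(root, path_info))
  expanded.start_with?(root)
end

# Hardened check (written for this example): the expanded path must be
# exactly the root or begin with root plus a separator, so a sibling
# that merely shares the root's name as a prefix is rejected.
def strict_within_root?(root, path_info)
  root = File.expand_path(root)
  expanded = File.expand_path(File.join(root, path_info))
  expanded == root || expanded.start_with?(root + File::SEPARATOR)
end

# Evaluate both checks over a set of constructed request paths and
# return a hash so the behaviour can be inspected or asserted on.
def compare_checks(root, paths)
  paths.each_with_object({}) do |path_info, results|
    results[path_info] = {
      weak: weak_within_root?(root, path_info),
      strict: strict_within_root?(root, path_info)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  sample = ["/", "/index.html", "/../root_example/", "/../etc/passwd"]
  compare_checks(ROOT, sample).each do |path_info, r|
    puts format("%-20s weak=%-5s strict=%s", path_info, r[:weak], r[:strict])
  end
end
```

The only difference between the two checks is the trailing separator in the comparison; a request for /../root_example/ expands to /srv/app/root_example, which passes the prefix match but fails the separator-qualified one. Symlink resolution is a separate concern that this string-only check does not address.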
References
- github.com/advisories/GHSA-mxw3-3hh2-x2mh
- github.com/rack/rack
- github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7
- github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml
- nvd.nist.gov/vuln/detail/CVE-2026-22860