CVE-2026-22860
Severity: HIGH (CVSS 7.5)

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`'s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.
Affected Applications in Environment: 17

Package      Version                                              Devices
containerd   v1.6.20~ds1-1+deb12u2                                1
containerd   v1.4.13~ds1-1~deb11u6                                1
containerd   v1.7.24~ds1-6+deb13u1                                2
pgbouncer    v1.25.1-1.pgdg11+1                                   1
php          v2:8.4+101~+ubuntu24.04.1+deb.sury.org+1             8
php          v2:8.4+100~+ubuntu24.04.1+deb.sury.org+1             1
php          v2:8.4+101~+ubuntu22.04.1+deb.sury.org+1             1
php          v2:8.2+93                                            1
php          v2:8.4+96+ubuntu20.04.1+deb.sury.org+1               1
php          v2:8.4+100~+ubuntu22.04.1+deb.sury.org+1             1
runc         v1.1.5+ds1-1+deb12u1                                 1
runc         v1.0.0~rc93+ds1-5+deb11u5                            1
runc         v1.1.15+ds1-2+b4                                     2
vim          v2:8.2.2434-3+deb11u3                                11
vim          v2:9.0.1378-2+deb12u2                                17
vim          v2:9.1.1230-2                                        8
vim          v2:8.1.0875-5+deb10u6                                1
Affected Devices: 49 (all Linux)

acmedns, bloodhound, cceredcapweb, chat, csf, dispatch, e911-provision, finch, flo-rida, fw, gravekeeper, gul4.usu.edu, iperf, jed, kcm.usu.edu, librenms, librenmsdb, lumbermill, minemeld, mirror3, miscnet, netbox, nt, portscan01, portscan02, privatebin, promnet, redcapweb, refraction, s2backups, seaweed, sectap1, soc, steesh, svn.usu.edu, sympa.ser321.usu.edu, thegrid, thnotes, web06, web08.usu.edu, web11.usu.edu, web13.usu.edu, web14.usu.edu, web20, web28, web29.usu.edu, web30.usu.edu, web37.usu.edu, yasls