CVE-2026-34830
Description
Rack is a modular Ruby web server interface. Before versions 2.2.23, 3.1.21 and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can get an X-Accel-Mapping header to the backend can inject regex metacharacters and thereby control the X-Accel-Redirect response header that Rack emits. In deployments that use Rack::Sendfile with x-accel-redirect, this can cause nginx to serve unintended files from its configured internal locations. The precondition is that a client-supplied header reaches the Rack application: an nginx front end that sets X-Accel-Mapping itself with proxy_set_header replaces whatever the client sent, whereas a proxy that forwards client headers untouched, or a backend reachable without the proxy, exposes the issue. The fix shipped in versions 2.2.23, 3.1.21 and 3.2.6.
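The unescaped interpolation described above, modelled in Ruby as an added example (this is not Rack's source; the function names, the sample file path and both header values are constructions for this page): the vulnerable form drops the mapping's internal prefix into the regex as-is, the hardened form wraps it in Regexp.escape, and `demo` shows a legitimate mapping rewriting the path correctly under both, while a constructed header of `.*=/protected-files/other-tenant.pdf` makes the vulnerable form emit an attacker-chosen X-Accel-Redirect value and leaves the hardened form unchanged.

```ruby
# Added example modelled on the X-Accel-Mapping branch of Rack::Sendfile#map_accel_path.
# Not Rack's code. Rack's real method first consults mappings configured on the
# middleware and only then falls back to the request header; that branch is omitted.
# The header format is the one Rack documents: "internal_prefix=external_prefix",
# several mappings separated by commas.

# Vulnerable form: `internal` is interpolated into the regex unescaped, so
# metacharacters supplied in the header ('.*', '|', '(' ...) are interpreted.
def map_accel_path_vulnerable(path, mapping_header)
  mapping_header.split(',').map(&:strip).each do |m|
    internal, external = m.split('=', 2).map(&:strip)
    next unless external # entry without '=' (guard added for this example)
    new_path = path.sub(/^#{internal}/i, external)
    return new_path unless path == new_path
  end
  path
end

# Hardened form: Regexp.escape turns the prefix into a literal, case-insensitive
# prefix match, which is all the mapping feature needs.
def map_accel_path_hardened(path, mapping_header)
  mapping_header.split(',').map(&:strip).each do |m|
    internal, external = m.split('=', 2).map(&:strip)
    next unless external
    new_path = path.sub(/^#{Regexp.escape(internal)}/i, external)
    return new_path unless path == new_path
  end
  path
end

# Constructed sample data (hypothetical paths, not from any real deployment).
FILE_PATH     = '/var/www/app/private/report-42.pdf'       # file the app intends to send
LEGIT_MAPPING = '/var/www/app/private/=/protected-files/'  # what the proxy is meant to set
EVIL_MAPPING  = '.*=/protected-files/other-tenant.pdf'     # attacker-supplied header value

# Returns the X-Accel-Redirect value each form would produce for each header.
def demo
  {
    legit_vuln: map_accel_path_vulnerable(FILE_PATH, LEGIT_MAPPING),
    legit_hard: map_accel_path_hardened(FILE_PATH, LEGIT_MAPPING),
    evil_vuln:  map_accel_path_vulnerable(FILE_PATH, EVIL_MAPPING),
    evil_hard:  map_accel_path_hardened(FILE_PATH, EVIL_MAPPING),
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |label, redirect| puts "#{label}: X-Accel-Redirect: #{redirect}" }
end
```

With the legitimate mapping both forms yield `/protected-files/report-42.pdf`. With the attacker header, `^.*` swallows the whole path and the vulnerable form returns `/protected-files/other-tenant.pdf`, a location nginx would then serve from its internal block; the hardened form looks for a literal `.*` prefix, finds none, and returns the original path. Escaping loses nothing, because the mapping is defined as a plain prefix and has no legitimate use for regex syntax.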
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rack (RubyGems) | < 2.2.23 | 2.2.23 |
| rack (RubyGems) | >= 3.0.0.beta1, < 3.1.21 | 3.1.21 |
| rack (RubyGems) | >= 3.2.0, < 3.2.6 | 3.2.6 |
Affected products
64 OSV coordinates; none has a CPE assigned. Each row gives the package URL and its affected version range.

| Package URL | Affected range |
|---|---|
| pkg:apk/chainguard/gitlab-exporter-18.10 | < 18.10.3-r0 |
| pkg:apk/chainguard/gitlab-exporter-18.8 | < 18.8.9-r0 |
| pkg:apk/chainguard/gitlab-exporter-18.9 | < 18.9.5-r0 |
| pkg:apk/chainguard/gitlab-rails-ce-18.1 | < 18.1.6-r13 |
| pkg:apk/chainguard/gitlab-rails-ce-18.10 | < 18.10.4-r0 |
| pkg:apk/chainguard/gitlab-rails-ce-18.8 | < 18.8.10-r0 |
| pkg:apk/chainguard/gitlab-rails-ce-18.9 | < 18.9.6-r0 |
| pkg:apk/chainguard/gitlab-rails-ce-fips-18.10 | < 18.10.4-r0 |
| pkg:apk/chainguard/gitlab-rails-ce-fips-18.8 | < 18.8.10-r0 |
| pkg:apk/chainguard/gitlab-rails-ce-fips-18.9 | < 18.9.6-r0 |
| pkg:apk/chainguard/kube-fluentd-operator | < 1.18.2-r67 |
| pkg:apk/chainguard/logstash-8.19 | < 8.19.14-r3 |
| pkg:apk/chainguard/logstash-8.19-iamguarded-compat | < 8.19.14-r3 |
| pkg:apk/chainguard/logstash-8.19-with-output-opensearch | < 8.19.14-r3 |
| pkg:apk/chainguard/logstash-9.0 | < 9.0.8-r20 |
| pkg:apk/chainguard/logstash-9.0-iamguarded-compat | < 9.0.8-r20 |
| pkg:apk/chainguard/logstash-9.0-with-output-opensearch | < 9.0.8-r20 |
| pkg:apk/chainguard/logstash-9.1 | < 9.1.10-r6 |
| pkg:apk/chainguard/logstash-9.1-bitnami-compat | < 9.1.10-r6 |
| pkg:apk/chainguard/logstash-9.1-iamguarded-compat | < 9.1.10-r6 |
| pkg:apk/chainguard/logstash-9.1-with-output-opensearch | < 9.1.10-r6 |
| pkg:apk/chainguard/logstash-9.2 | < 9.2.8-r2 |
| pkg:apk/chainguard/logstash-9.2-iamguarded-compat | < 9.2.8-r2 |
| pkg:apk/chainguard/logstash-9.2-with-output-opensearch | < 9.2.8-r2 |
| pkg:apk/chainguard/logstash-9.3 | < 9.3.3-r2 |
| pkg:apk/chainguard/logstash-9.3-iamguarded-compat | < 9.3.3-r2 |
| pkg:apk/chainguard/logstash-9.3-with-output-opensearch | < 9.3.3-r2 |
| pkg:apk/chainguard/pact-broker-docker | < 2.137.0.2.118.0-r4 |
| pkg:apk/chainguard/pact-broker-docker-fips | < 2.137.0.2.118.0-r2 |
| pkg:apk/chainguard/ruby3.2-rack-2.2 | < 2.2.23-r0 |
| pkg:apk/chainguard/ruby3.2-rails-7.2 | < 7.2.3.1-r2 |
| pkg:apk/chainguard/ruby3.2-rails-8.0 | < 8.0.5-r0 |
| pkg:apk/chainguard/ruby3.3-rack-2.2 | < 2.2.23-r0 |
| pkg:apk/chainguard/ruby3.4-rack-2.2 | < 2.2.23-r0 |
| pkg:apk/chainguard/ruby3.4-rails-7.2 | < 7.2.3.1-r1 |
| pkg:apk/chainguard/ruby3.4-rails-8.0 | < 8.0.5-r2 |
| pkg:apk/chainguard/ruby4.0-rack-2.2 | < 2.2.23-r0 |
| pkg:apk/wolfi/kube-fluentd-operator | < 1.18.2-r67 |
| pkg:apk/wolfi/logstash-9.1 | < 9.1.10-r6 |
| pkg:apk/wolfi/logstash-9.1-bitnami-compat | < 9.1.10-r6 |
| pkg:apk/wolfi/logstash-9.1-iamguarded-compat | < 9.1.10-r6 |
| pkg:apk/wolfi/logstash-9.1-with-output-opensearch | < 9.1.10-r6 |
| pkg:apk/wolfi/logstash-9.2 | < 9.2.8-r2 |
| pkg:apk/wolfi/logstash-9.2-iamguarded-compat | < 9.2.8-r2 |
| pkg:apk/wolfi/logstash-9.2-with-output-opensearch | < 9.2.8-r2 |
| pkg:apk/wolfi/logstash-9.3 | < 9.3.3-r2 |
| pkg:apk/wolfi/logstash-9.3-iamguarded-compat | < 9.3.3-r2 |
| pkg:apk/wolfi/logstash-9.3-with-output-opensearch | < 9.3.3-r2 |
| pkg:apk/wolfi/ruby3.2-rack-2.2 | < 2.2.23-r0 |
| pkg:apk/wolfi/ruby3.2-rails-8.0 | < 8.0.5-r0 |
| pkg:apk/wolfi/ruby3.3-rack-2.2 | < 2.2.23-r0 |
| pkg:apk/wolfi/ruby3.4-rack-2.2 | < 2.2.23-r0 |
| pkg:apk/wolfi/ruby3.4-rails-8.0 | < 8.0.5-r2 |
| pkg:apk/wolfi/ruby4.0-rack-2.2 | < 2.2.23-r0 |
| pkg:gem/rack | < 2.2.23 |
| pkg:rpm/opensuse/rubygem-rack-2.2&distro=openSUSE%20Tumbleweed | < 2.2.23-1.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS | < 2.27-150500.3.47.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS | < 2.27-150500.3.47.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 | < 2.27-150500.3.47.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 | < 2.27-150500.3.47.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS | < 2.27-150500.3.47.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS | < 2.27-150500.3.47.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 | < 2.27-150500.3.47.1 |
| pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6 | < 2.27-150500.3.47.1 |