Platform
ruby
Component
rack
Fixed in
2.2.23
3.0.1
3.2.1
2.2.22
CVE-2026-22860 describes a Directory Traversal vulnerability within the Ruby Rack framework. This flaw allows attackers to potentially access files and directories beyond the intended root, leading to information disclosure. The vulnerability impacts Rack versions 2.2.9 and earlier, and a fix is available in version 2.2.22.
The core of the vulnerability lies in Rack::Directory's path check, which verified that the resolved target stayed inside the configured root with a plain string prefix comparison. Any resolved path that begins with the root string passes, including sibling directories that merely share the root's name as a prefix. With a root of /var/www/root, a request such as /../rootbackup/ resolves to /var/www/rootbackup/, which starts with /var/www/root and is therefore accepted, granting the attacker a listing of, and access to, a directory that was never meant to be served. Note what the flaw does not allow: a traversal to an arbitrary location such as /etc/passwd fails the prefix check, so exposure is limited to paths whose resolved form shares the root's prefix. Within that limit, sensitive configuration files, source code, backups or other data stored in such neighbouring directories can be disclosed. The potential blast radius depends on the permissions granted to the web server user and on what sits next to the web root on disk.
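The following Ruby script is an added illustration of the two checks described above, written for this page; it is not Rack's own code and does not reproduce Rack::Directory. The root /var/www/root and the request paths are hypothetical. Both functions resolve the request path against the root the way a file server must (collapsing . and .. segments) and then decide whether to serve it: the first with the bare prefix comparison the advisory describes, the second with a boundary check that requires the resolved path to be the root itself or to lie beneath root plus a separator.

```ruby
# Added example (not Rack's code): prefix check vs. boundary check.
# Both functions take the configured root and the request path and
# return true when the request would be served.

# Join the request path onto the root and collapse "." / ".." segments,
# which a file server has to do before it touches the filesystem.
def resolve(root, path_info)
  File.expand_path(File.join(File.expand_path(root), path_info))
end

# Flawed variant: a bare string-prefix comparison. "/var/www/rootbackup"
# starts with "/var/www/root", so a sibling directory passes.
def prefix_check_allows?(root, path_info)
  resolve(root, path_info).start_with?(File.expand_path(root))
end

# Corrected variant: the resolved path must be the root itself or lie
# beneath root + separator, so sharing a prefix is no longer enough.
def boundary_check_allows?(root, path_info)
  base     = File.expand_path(root)
  resolved = resolve(root, path_info)
  resolved == base || resolved.start_with?(base + File::SEPARATOR)
end

if __FILE__ == $0
  root = "/var/www/root" # hypothetical document root
  ["/index.html", "/", "/../rootbackup/config.yml", "/../../etc/passwd"].each do |req|
    printf("%-28s prefix: %-5s boundary: %s\n", req,
           prefix_check_allows?(root, req), boundary_check_allows?(root, req))
  end
end
```

Run it and compare the two columns: /index.html and / are accepted by both checks, /../../etc/passwd is rejected by both (it resolves to /var/etc/passwd, which shares no prefix with the root), and only the sibling path /../rootbackup/config.yml separates the flawed check from the corrected one. The separator suffix is the whole fix: "/var/www/rootbackup/config.yml" does not start with "/var/www/root/".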
CVE-2026-22860 was publicly disclosed on 2026-02-17. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it relatively straightforward to exploit given access to a vulnerable Rack installation.
Applications built on Rack that serve directories through Rack::Directory, or that hand user-supplied paths to file-serving middleware without validating them, are at risk. Deployments in which several applications' document roots sit side by side under one parent directory, a common shared-hosting layout, are particularly exposed: a root such as /var/www/root next to /var/www/rootbackup is exactly the sibling-prefix case the flawed check fails to reject, so a request to one application can read a neighbour's files.
• ruby / gem: Use gem list to identify installed Rack versions. Look for versions less than or equal to 2.2.9.
gem list rack
• linux / server: Examine web server access logs for requests containing path traversal sequences (e.g., ../). Use a fixed-string match: as a regular expression, '../' means "any two characters followed by a slash" and flags nearly every line.
grep -F '../' /var/log/apache2/access.log
• generic web: Test Rack-based applications with a path traversal payload and inspect the response. Pass --path-as-is, because curl otherwise normalises ../ out of the URL before sending it. For this particular flaw a payload such as /../etc/passwd does not pass the prefix check; the realistic probe is a sibling directory whose name shares the root's prefix, as described above.
curl --path-as-is http://your-rack-app/../etc/passwd
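A plain grep for ../ misses the percent-encoded forms (%2e%2e/, ..%2f) that reach the application after decoding. The script below is an added example, not part of the original page or of Rack, that scans Combined-Log-Format lines, fully percent-decodes the request target and flags any request in which a decoded path segment is exactly "..". The log lines are constructed for the example and represent no real traffic.

```ruby
# Added example (not from the page or from Rack): detect traversal attempts
# in access-log lines after percent-decoding, so encoded variants are caught
# and harmless dots inside a segment (e.g. "v1..2") are not.

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [17/Feb/2026:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
  10.0.0.9 - - [17/Feb/2026:10:01:07 +0000] "GET /../rootbackup/config.yml HTTP/1.1" 200 2048
  10.0.0.9 - - [17/Feb/2026:10:01:09 +0000] "GET /%2e%2e/rootbackup/.env HTTP/1.1" 200 128
  10.0.0.9 - - [17/Feb/2026:10:01:11 +0000] "GET /assets/..%2frootbackup/ HTTP/1.1" 200 900
  10.0.0.7 - - [17/Feb/2026:10:02:00 +0000] "GET /docs/v1..2/ HTTP/1.1" 200 300
LOG

# Request line inside a Combined Log Format record: "METHOD target HTTP/x".
REQUEST_LINE = /"(?<method>[A-Z]+) (?<target>\S+) HTTP\//

# Decode %XX escapes. Rolled by hand so the example has no dependencies.
def percent_decode(str)
  str.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
end

# True when any path segment, after decoding, is exactly "..".
# Decoding twice also catches double-encoded payloads (%252e%252e).
def traversal_attempt?(target)
  path    = target.split("?", 2).first
  decoded = percent_decode(percent_decode(path))
  decoded.split(%r{[/\\]}).any? { |segment| segment == ".." }
end

# Returns the flagged records as { line:, target: } hashes, in log order.
def suspicious_requests(log_text)
  log_text.each_line.filter_map do |line|
    m = REQUEST_LINE.match(line) or next
    next unless traversal_attempt?(m[:target])
    { line: line.strip, target: m[:target] }
  end
end

if __FILE__ == $0
  suspicious_requests(SAMPLE_LOG).each { |hit| puts hit[:line] }
end
```

Against the sample, three of the five lines are flagged: the literal ../, the %2e%2e/ form and the ..%2f form. The /docs/v1..2/ line is not, although the regex grep '../' would have matched it. To run this over a real log, replace SAMPLE_LOG with File.read of the access log; a 200 status on a flagged line is the case to investigate first, since it means the traversal was served.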
Exploit status
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2026-22860 is to upgrade to Rack version 2.2.22 or later, which includes the corrected path boundary check. If upgrading is not immediately feasible, consider a Web Application Firewall (WAF) rule that blocks requests containing path traversal sequences such as ../, including their percent-encoded forms (%2e%2e/, ..%2f), since the sequence is decoded before the vulnerable check runs. Additionally, review and restrict file system permissions for the web server user, and check what else lives next to each document root on disk, to minimise the impact of a successful attack. Regularly scan your Ruby environment for outdated Rack versions using tools like gem list to proactively identify vulnerable installations.
Update the Rack gem to version 2.2.22 or later, 3.1.20 or later, or 3.2.5 or later. This fixes the directory traversal vulnerability. Run `gem update rack` to update to the latest safe version; for a Bundler-managed application, make sure the version pinned in Gemfile.lock is updated as well.
CVE-2026-22860 is a Directory Traversal vulnerability affecting Ruby Rack versions 2.2.9 and earlier. It allows attackers to access files outside the intended web root.
You are affected if you are using Ruby Rack version 2.2.9 or earlier. Check your Rack version using gem list rack.
Upgrade to Ruby Rack version 2.2.22 or later to remediate the vulnerability. Consider WAF rules as a temporary workaround.
There is currently no evidence of active exploitation, but the vulnerability is relatively easy to exploit.
Refer to the Ruby Rack project's official website and security advisories for the latest information: https://rack.rubyforge.org/