CVE-2025-27111 | Rack up to 2.2.11/3.0.12/3.1.10 Header Rack::Sendfile X-Sendfile-Type crlf injection

A vulnerability classified as problematic has been found in Rack up to 2.2.11/3.0.12/3.1.10. Affected is the function Rack::Sendfile of the component Header Handler. The manipulation of the argument X-Sendfile-Type leads to crlf injection.

This vulnerability is traded as CVE-2025-27111. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More