CVE-2026-22860 | Rack up to 2.2.21/3.1.19/3.2.4 Rack::Directory path traversal (GHSA-mxw3-3hh2-x2mh)

A vulnerability, which was classified as critical, was found in Rack up to 2.2.21/3.1.19/3.2.4. This affects the function Rack::Directory. The manipulation results in path traversal.

This vulnerability is identified as CVE-2026-22860. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More