CVE-2025-46336 | rack-session up to 2.1.0 Session Cookie Rack::Session::Pool race condition (GHSA-9j94-67jr-4cqj)

A vulnerability, which was classified as problematic, was found in rack-session up to 2.1.0. This affects the function Rack::Session::Pool of the component Session Cookie Handler. The manipulation leads to race condition.

This vulnerability is uniquely identified as CVE-2025-46336. The attack needs to be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More