{"id":"USN-8182-1","summary":"ruby-rack vulnerabilities","details":"Andrew Lacambra discovered that Rack did not properly parse certain regular\nexpressions. An attacker could possibly use this issue to bypass network\nsecurity filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04\nLTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-26961)\n\nWilliam T. Nelson discovered that Rack did not handle multipart headers\ncorrectly. An attacker could possibly use this issue to cause downstream\nparsing issues or a denial of service. This issue only affected Ubuntu\n25.10. (CVE-2026-26962)\n\nIt was discovered that Rack did not handle the Forwarded header correctly.\nAn attacker could possibly use this issue to manipulate header values. This\nissue only affected Ubuntu 25.10. (CVE-2026-32762)\n\nIt was discovered that Rack could consume excessive CPU when handling\ncertain Accept-Encoding values. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2026-34230)\n\nHaruki Oyama discovered that certain configurations of Rack could\nerroneously fail to derive the displayed directory path, and expose the\nfull filesystem path. An attacker could possibly use this issue to disclose\ndeployment details such as layout and usernames. (CVE-2026-34763)\n\nIt was discovered that Rack did not properly handle static file paths. An\nattacker could possibly use this issue to exfiltrate unintentionally served\ndata. (CVE-2026-34785)\n\nHaruki Oyama discovered that Rack did not apply header rules to certain\nrequests for URL-encoded static paths. An attacker could possibly use this\nissue to bypass security-relevant response headers. This issue only\naffected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04\nLTS, and Ubuntu 25.10. (CVE-2026-34786)\n\nIt was discovered that Rack did not limit the number of ranges requested in\nthe Range header. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu\n25.10. (CVE-2026-34826)\n\nIt was discovered that Rack could consume excessive CPU when parsing\ncertain multipart parameters. An attacker could possibly use this to cause\na denial of service. This issue only affected Ubuntu 25.10.\n(CVE-2026-34827)\n\nIt was discovered that Rack could consume unbounded disk space when\nhandling requests without a Content-Length header. An attacker could\npossibly use this issue to cause a denial of service. This issue only\naffected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu\n25.10. (CVE-2026-34829)\n\nMehtab Zafar discovered that Rack directly interpreted the X-Accel-Mapping\nheader as a regular expression without escaping. An attacker could possibly\nuse this issue to exfiltrate arbitrary files from internal locations. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nUbuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34830)\n\nIt was discovered that Rack did not properly handle messages with Unicode.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu\n25.10. (CVE-2026-34831)\n\nIt was discovered that Rack did not properly parse the Host header. An\nattacker could possibly use this issue to bypass security filters or poison\ngenerated links. This issue only affected Ubuntu 25.10. (CVE-2026-34835)","modified":"2026-04-27T18:47:40.129140Z","published":"2026-04-17T00:23:44Z","related":["UBUNTU-CVE-2026-26961","UBUNTU-CVE-2026-26962","UBUNTU-CVE-2026-32762","UBUNTU-CVE-2026-34230","UBUNTU-CVE-2026-34763","UBUNTU-CVE-2026-34785","UBUNTU-CVE-2026-34786","UBUNTU-CVE-2026-34826","UBUNTU-CVE-2026-34827","UBUNTU-CVE-2026-34829","UBUNTU-CVE-2026-34830","UBUNTU-CVE-2026-34831","UBUNTU-CVE-2026-34835"],"upstream":["CVE-2026-26961","CVE-2026-26962","CVE-2026-32762","CVE-2026-34230","CVE-2026-34763","CVE-2026-34785","CVE-2026-34786","CVE-2026-34826","CVE-2026-34827","CVE-2026-34829","CVE-2026-34830","CVE-2026-34831","CVE-2026-34835","UBUNTU-CVE-2026-26961","UBUNTU-CVE-2026-26962","UBUNTU-CVE-2026-32762","UBUNTU-CVE-2026-34230","UBUNTU-CVE-2026-34763","UBUNTU-CVE-2026-34785","UBUNTU-CVE-2026-34786","UBUNTU-CVE-2026-34826","UBUNTU-CVE-2026-34827","UBUNTU-CVE-2026-34829","UBUNTU-CVE-2026-34830","UBUNTU-CVE-2026-34831","UBUNTU-CVE-2026-34835"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8182-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-26961"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-26962"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-32762"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34230"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34763"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34785"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34786"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34826"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34827"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34829"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34830"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34831"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34835"}],"affected":[{"package":{"name":"ruby-rack","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/ruby-rack@1.5.2-3+deb8u3ubuntu1~esm11?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.2-3+deb8u3ubuntu1~esm11"}]}],"versions":["1.5.2-1","1.5.2-1ubuntu0.1~esm1","1.5.2-3+deb8u3ubuntu1~esm2","1.5.2-3+deb8u3ubuntu1~esm3","1.5.2-3+deb8u3ubuntu1~esm4","1.5.2-3+deb8u3ubuntu1~esm6","1.5.2-3+deb8u3ubuntu1~esm7","1.5.2-3+deb8u3ubuntu1~esm8","1.5.2-3+deb8u3ubuntu1~esm9","1.5.2-3+deb8u3ubuntu1~esm10"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro","binaries":[{"binary_version":"1.5.2-3+deb8u3ubuntu1~esm11","binary_name":"librack-ruby"},{"binary_version":"1.5.2-3+deb8u3ubuntu1~esm11","binary_name":"librack-ruby1.8"},{"binary_version":"1.5.2-3+deb8u3ubuntu1~esm11","binary_name":"librack-ruby1.9.1"},{"binary_version":"1.5.2-3+deb8u3ubuntu1~esm11","binary_name":"ruby-rack"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8182-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34230"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34763"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34785"}]}}},{"package":{"name":"ruby-rack","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/ruby-rack@1.6.4-3ubuntu0.2+esm10?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.4-3ubuntu0.2+esm10"}]}],"versions":["1.5.2-4","1.6.4-2","1.6.4-3","1.6.4-3ubuntu0.1","1.6.4-3ubuntu0.2","1.6.4-3ubuntu0.2+esm1","1.6.4-3ubuntu0.2+esm2","1.6.4-3ubuntu0.2+esm4","1.6.4-3ubuntu0.2+esm5","1.6.4-3ubuntu0.2+esm6","1.6.4-3ubuntu0.2+esm7","1.6.4-3ubuntu0.2+esm8","1.6.4-3ubuntu0.2+esm9"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.6.4-3ubuntu0.2+esm10","binary_name":"ruby-rack"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8182-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34230"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34763"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34785"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34826"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34830"}]}}},{"package":{"name":"ruby-rack","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/ruby-rack@1.6.4-4ubuntu0.2+esm10?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.4-4ubuntu0.2+esm10"}]}],"versions":["1.6.4-4","1.6.4-4ubuntu0.1","1.6.4-4ubuntu0.2","1.6.4-4ubuntu0.2+esm1","1.6.4-4ubuntu0.2+esm2","1.6.4-4ubuntu0.2+esm4","1.6.4-4ubuntu0.2+esm5","1.6.4-4ubuntu0.2+esm6","1.6.4-4ubuntu0.2+esm7","1.6.4-4ubuntu0.2+esm8","1.6.4-4ubuntu0.2+esm9"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1.6.4-4ubuntu0.2+esm10","binary_name":"ruby-rack"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8182-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34230"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34763"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34785"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34786"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34826"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34830"}]}}},{"package":{"name":"ruby-rack","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/ruby-rack@2.0.7-2ubuntu0.1+esm10?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.7-2ubuntu0.1+esm10"}]}],"versions":["2.0.6-3","2.0.7-2","2.0.7-2ubuntu0.1","2.0.7-2ubuntu0.1+esm1","2.0.7-2ubuntu0.1+esm2","2.0.7-2ubuntu0.1+esm3","2.0.7-2ubuntu0.1+esm4","2.0.7-2ubuntu0.1+esm5","2.0.7-2ubuntu0.1+esm6","2.0.7-2ubuntu0.1+esm7","2.0.7-2ubuntu0.1+esm8","2.0.7-2ubuntu0.1+esm9"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.0.7-2ubuntu0.1+esm10","binary_name":"ruby-rack"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8182-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-26961"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34230"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34763"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34785"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34786"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34826"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34829"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34830"}]}}},{"package":{"name":"ruby-rack","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/ruby-rack@2.1.4-5ubuntu1.2+esm3?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.4-5ubuntu1.2+esm3"}]}],"versions":["2.1.4-3","2.1.4-4","2.1.4-5","2.1.4-5ubuntu1","2.1.4-5ubuntu1+esm2","2.1.4-5ubuntu1+esm3","2.1.4-5ubuntu1+esm4","2.1.4-5ubuntu1+esm5","2.1.4-5ubuntu1.1","2.1.4-5ubuntu1.1+esm1","2.1.4-5ubuntu1.1+esm2","2.1.4-5ubuntu1.2","2.1.4-5ubuntu1.2+esm1","2.1.4-5ubuntu1.2+esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.1.4-5ubuntu1.2+esm3","binary_name":"ruby-rack"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8182-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-26961"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34230"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34763"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34785"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34786"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34826"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34829"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34830"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34831"}]}}},{"package":{"name":"ruby-rack","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/ruby-rack@2.2.7-1ubuntu0.7?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.7-1ubuntu0.7"}]}],"versions":["2.2.4-3","2.2.7-1","2.2.7-1ubuntu0.1","2.2.7-1ubuntu0.2","2.2.7-1ubuntu0.3","2.2.7-1ubuntu0.4","2.2.7-1ubuntu0.5","2.2.7-1ubuntu0.6"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.2.7-1ubuntu0.7","binary_name":"ruby-rack"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8182-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-26961"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-26962"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34230"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34763"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34785"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34786"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34826"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34829"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34830"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34831"}]}}},{"package":{"name":"ruby-rack","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/ruby-rack@3.1.16-0.1ubuntu0.3?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.16-0.1ubuntu0.3"}]}],"versions":["2.2.7-1.1","3.1.16-0.1","3.1.16-0.1ubuntu0.1","3.1.16-0.1ubuntu0.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.1.16-0.1ubuntu0.3","binary_name":"ruby-rack"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8182-1.json","cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-26961"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-26962"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-32762"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34230"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34763"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34785"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34786"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34826"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34827"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34829"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34830"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34831"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-34835"}]}}}],"schema_version":"1.7.5"}