Minh Pham Quang discovered that Rack did not correctly handle parsing certain paths, which could lead to a path traversal attack. An attacker could possibly use this issue to leak sensitive information. (CVE-2026-22860)
Ali Firas discovered that Rack did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-25500)
2.2.7-1ubuntu0.63.1.16-0.1ubuntu0.22.0.7-2ubuntu0.1+esm92.1.4-5ubuntu1.2+esm2