Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2026-34835
Vulnerability from osv_ubuntu
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, #, and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be bypassed. This can lead to host header poisoning in applications that use req.host, req.url, or req.base_url for link generation, redirects, or origin validation. This issue has been patched in versions 3.1.21 and 3.2.6.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "3.1.16-0.1ubuntu0.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@3.1.16-0.1ubuntu0.3?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.16-0.1ubuntu0.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.7-1.1",
"3.1.16-0.1",
"3.1.16-0.1ubuntu0.1",
"3.1.16-0.1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "3.2.4-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@3.2.4-1ubuntu1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.1.16-0.1",
"3.1.18-1",
"3.1.18-1build1",
"3.2.4-1ubuntu1"
]
}
],
"aliases": [],
"details": "Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, #, and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be bypassed. This can lead to host header poisoning in applications that use req.host, req.url, or req.base_url for link generation, redirects, or origin validation. This issue has been patched in versions 3.1.21 and 3.2.6.",
"id": "UBUNTU-CVE-2026-34835",
"modified": "2026-05-20T15:27:24Z",
"published": "2026-04-02T18:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34835"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34835"
},
{
"type": "REPORT",
"url": "https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8182-1"
}
],
"related": [
"USN-8182-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-34835"
]
}
CVE-2026-34835 (GCVE-0-2026-34835)
Vulnerability from cvelistv5 – Published: 2026-04-02 17:09 – Updated: 2026-04-02 17:44- CWE-1286 - Improper Validation of Syntactic Correctness of Input
| URL | Tags |
|---|---|
| https://github.com/rack/rack/security/advisories/… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T17:43:54.517566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T17:44:03.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rack",
"vendor": "rack",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0.beta1, \u003c 3.1.21"
},
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 3.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, #, and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be bypassed. This can lead to host header poisoning in applications that use req.host, req.url, or req.base_url for link generation, redirects, or origin validation. This issue has been patched in versions 3.1.21 and 3.2.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T17:09:07.047Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5"
}
],
"source": {
"advisory": "GHSA-g2pf-xv49-m2h5",
"discovery": "UNKNOWN"
},
"title": "Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34835",
"datePublished": "2026-04-02T17:09:07.047Z",
"dateReserved": "2026-03-30T20:52:53.284Z",
"dateUpdated": "2026-04-02T17:44:03.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-8182-1
Vulnerability from osv_ubuntu
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-26961)
William T. Nelson discovered that Rack did not handle multipart headers correctly. An attacker could possibly use this issue to cause downstream parsing issues or a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-26962)
It was discovered that Rack did not handle the Forwarded header correctly. An attacker could possibly use this issue to manipulate header values. This issue only affected Ubuntu 25.10. (CVE-2026-32762)
It was discovered that Rack could consume excessive CPU when handling certain Accept-Encoding values. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-34230)
Haruki Oyama discovered that certain configurations of Rack could erroneously fail to derive the displayed directory path, and expose the full filesystem path. An attacker could possibly use this issue to disclose deployment details such as layout and usernames. (CVE-2026-34763)
It was discovered that Rack did not properly handle static file paths. An attacker could possibly use this issue to exfiltrate unintentionally served data. (CVE-2026-34785)
Haruki Oyama discovered that Rack did not apply header rules to certain requests for URL-encoded static paths. An attacker could possibly use this issue to bypass security-relevant response headers. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34786)
It was discovered that Rack did not limit the number of ranges requested in the Range header. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34826)
It was discovered that Rack could consume excessive CPU when parsing certain multipart parameters. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-34827)
It was discovered that Rack could consume unbounded disk space when handling requests without a Content-Length header. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34829)
Mehtab Zafar discovered that Rack directly interpreted the X-Accel-Mapping header as a regular expression without escaping. An attacker could possibly use this issue to exfiltrate arbitrary files from internal locations. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34830)
It was discovered that Rack did not properly handle messages with Unicode. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34831)
It was discovered that Rack did not properly parse the Host header. An attacker could possibly use this issue to bypass security filters or poison generated links. This issue only affected Ubuntu 25.10. (CVE-2026-34835)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-34230",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34763",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34785",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "librack-ruby",
"binary_version": "1.5.2-3+deb8u3ubuntu1~esm11"
},
{
"binary_name": "librack-ruby1.8",
"binary_version": "1.5.2-3+deb8u3ubuntu1~esm11"
},
{
"binary_name": "librack-ruby1.9.1",
"binary_version": "1.5.2-3+deb8u3ubuntu1~esm11"
},
{
"binary_name": "ruby-rack",
"binary_version": "1.5.2-3+deb8u3ubuntu1~esm11"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@1.5.2-3+deb8u3ubuntu1~esm11?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.2-3+deb8u3ubuntu1~esm11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.2-1",
"1.5.2-1ubuntu0.1~esm1",
"1.5.2-3+deb8u3ubuntu1~esm2",
"1.5.2-3+deb8u3ubuntu1~esm3",
"1.5.2-3+deb8u3ubuntu1~esm4",
"1.5.2-3+deb8u3ubuntu1~esm6",
"1.5.2-3+deb8u3ubuntu1~esm7",
"1.5.2-3+deb8u3ubuntu1~esm8",
"1.5.2-3+deb8u3ubuntu1~esm9",
"1.5.2-3+deb8u3ubuntu1~esm10"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-34230",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34763",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34785",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34826",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34830",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "1.6.4-3ubuntu0.2+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@1.6.4-3ubuntu0.2+esm10?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.4-3ubuntu0.2+esm10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.2-4",
"1.6.4-2",
"1.6.4-3",
"1.6.4-3ubuntu0.1",
"1.6.4-3ubuntu0.2",
"1.6.4-3ubuntu0.2+esm1",
"1.6.4-3ubuntu0.2+esm2",
"1.6.4-3ubuntu0.2+esm4",
"1.6.4-3ubuntu0.2+esm5",
"1.6.4-3ubuntu0.2+esm6",
"1.6.4-3ubuntu0.2+esm7",
"1.6.4-3ubuntu0.2+esm8",
"1.6.4-3ubuntu0.2+esm9"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-34230",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34763",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34785",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34786",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34826",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34830",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "1.6.4-4ubuntu0.2+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@1.6.4-4ubuntu0.2+esm10?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.4-4ubuntu0.2+esm10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.4-4",
"1.6.4-4ubuntu0.1",
"1.6.4-4ubuntu0.2",
"1.6.4-4ubuntu0.2+esm1",
"1.6.4-4ubuntu0.2+esm2",
"1.6.4-4ubuntu0.2+esm4",
"1.6.4-4ubuntu0.2+esm5",
"1.6.4-4ubuntu0.2+esm6",
"1.6.4-4ubuntu0.2+esm7",
"1.6.4-4ubuntu0.2+esm8",
"1.6.4-4ubuntu0.2+esm9"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-26961",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34230",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34763",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34785",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34786",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34826",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34829",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34830",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "2.0.7-2ubuntu0.1+esm10"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@2.0.7-2ubuntu0.1+esm10?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.7-2ubuntu0.1+esm10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.6-3",
"2.0.7-2",
"2.0.7-2ubuntu0.1",
"2.0.7-2ubuntu0.1+esm1",
"2.0.7-2ubuntu0.1+esm2",
"2.0.7-2ubuntu0.1+esm3",
"2.0.7-2ubuntu0.1+esm4",
"2.0.7-2ubuntu0.1+esm5",
"2.0.7-2ubuntu0.1+esm6",
"2.0.7-2ubuntu0.1+esm7",
"2.0.7-2ubuntu0.1+esm8",
"2.0.7-2ubuntu0.1+esm9"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-26961",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34230",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34763",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34785",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34786",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34826",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34829",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34830",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34831",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "2.1.4-5ubuntu1.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@2.1.4-5ubuntu1.2+esm3?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4-5ubuntu1.2+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.4-3",
"2.1.4-4",
"2.1.4-5",
"2.1.4-5ubuntu1",
"2.1.4-5ubuntu1+esm2",
"2.1.4-5ubuntu1+esm3",
"2.1.4-5ubuntu1+esm4",
"2.1.4-5ubuntu1+esm5",
"2.1.4-5ubuntu1.1",
"2.1.4-5ubuntu1.1+esm1",
"2.1.4-5ubuntu1.1+esm2",
"2.1.4-5ubuntu1.2",
"2.1.4-5ubuntu1.2+esm1",
"2.1.4-5ubuntu1.2+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-26961",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-26962",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34230",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34763",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34785",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34786",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34826",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34829",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34830",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34831",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "2.2.7-1ubuntu0.7"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@2.2.7-1ubuntu0.7?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.7-1ubuntu0.7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.4-3",
"2.2.7-1",
"2.2.7-1ubuntu0.1",
"2.2.7-1ubuntu0.2",
"2.2.7-1ubuntu0.3",
"2.2.7-1ubuntu0.4",
"2.2.7-1ubuntu0.5",
"2.2.7-1ubuntu0.6"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-26961",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-26962",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-32762",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34230",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34763",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34785",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34786",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34826",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34827",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34829",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34830",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34831",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-34835",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ruby-rack",
"binary_version": "3.1.16-0.1ubuntu0.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ruby-rack",
"purl": "pkg:deb/ubuntu/ruby-rack@3.1.16-0.1ubuntu0.3?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.16-0.1ubuntu0.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.7-1.1",
"3.1.16-0.1",
"3.1.16-0.1ubuntu0.1",
"3.1.16-0.1ubuntu0.2"
]
}
],
"aliases": [],
"details": "Andrew Lacambra discovered that Rack did not properly parse certain regular\nexpressions. An attacker could possibly use this issue to bypass network\nsecurity filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04\nLTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-26961)\n\nWilliam T. Nelson discovered that Rack did not handle multipart headers\ncorrectly. An attacker could possibly use this issue to cause downstream\nparsing issues or a denial of service. This issue only affected Ubuntu\n25.10. (CVE-2026-26962)\n\nIt was discovered that Rack did not handle the Forwarded header correctly.\nAn attacker could possibly use this issue to manipulate header values. This\nissue only affected Ubuntu 25.10. (CVE-2026-32762)\n\nIt was discovered that Rack could consume excessive CPU when handling\ncertain Accept-Encoding values. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2026-34230)\n\nHaruki Oyama discovered that certain configurations of Rack could\nerroneously fail to derive the displayed directory path, and expose the\nfull filesystem path. An attacker could possibly use this issue to disclose\ndeployment details such as layout and usernames. (CVE-2026-34763)\n\nIt was discovered that Rack did not properly handle static file paths. An\nattacker could possibly use this issue to exfiltrate unintentionally served\ndata. (CVE-2026-34785)\n\nHaruki Oyama discovered that Rack did not apply header rules to certain\nrequests for URL-encoded static paths. An attacker could possibly use this\nissue to bypass security-relevant response headers. This issue only\naffected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04\nLTS, and Ubuntu 25.10. (CVE-2026-34786)\n\nIt was discovered that Rack did not limit the number of ranges requested in\nthe Range header. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu\n25.10. (CVE-2026-34826)\n\nIt was discovered that Rack could consume excessive CPU when parsing\ncertain multipart parameters. An attacker could possibly use this to cause\na denial of service. This issue only affected Ubuntu 25.10.\n(CVE-2026-34827)\n\nIt was discovered that Rack could consume unbounded disk space when\nhandling requests without a Content-Length header. An attacker could\npossibly use this issue to cause a denial of service. This issue only\naffected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu\n25.10. (CVE-2026-34829)\n\nMehtab Zafar discovered that Rack directly interpreted the X-Accel-Mapping\nheader as a regular expression without escaping. An attacker could possibly\nuse this issue to exfiltrate arbitrary files from internal locations. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nUbuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34830)\n\nIt was discovered that Rack did not properly handle messages with Unicode.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu\n25.10. (CVE-2026-34831)\n\nIt was discovered that Rack did not properly parse the Host header. An\nattacker could possibly use this issue to bypass security filters or poison\ngenerated links. This issue only affected Ubuntu 25.10. (CVE-2026-34835)",
"id": "USN-8182-1",
"modified": "2026-06-30T15:55:17Z",
"published": "2026-04-17T00:23:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8182-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-26961"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-26962"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-32762"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34230"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34763"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34785"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34786"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34826"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34827"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34829"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34830"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34831"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-34835"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "ruby-rack vulnerabilities",
"upstream": [
"UBUNTU-CVE-2026-26961",
"UBUNTU-CVE-2026-26962",
"UBUNTU-CVE-2026-32762",
"UBUNTU-CVE-2026-34230",
"UBUNTU-CVE-2026-34763",
"UBUNTU-CVE-2026-34785",
"UBUNTU-CVE-2026-34786",
"UBUNTU-CVE-2026-34826",
"UBUNTU-CVE-2026-34827",
"UBUNTU-CVE-2026-34829",
"UBUNTU-CVE-2026-34830",
"UBUNTU-CVE-2026-34831",
"UBUNTU-CVE-2026-34835"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.