Critical Path Traversal and Code Execution Vulnerabilities in Rack Affect Ubuntu Releases

Critical Path Traversal and Code Execution Vulnerabilities in Rack Affect Ubuntu Releases

First seen 27 Feb 2026, 04:11 UTC UbuntuLinuxsecurity 81% similarity 59.3

Article Content

Browse articles
ThreatCluster

Ubuntu 25.10 and its LTS derivatives are affected by vulnerabilities in Rack, a Ruby webserver interface. CVE-2026-22860 allows for path traversal attacks that could leak sensitive information, while CVE-2026-25500 enables arbitrary code execution due to improper input sanitization. Both vulnerabilities were discovered by Minh Pham Quang and Ali Firas and were published on February 18, 2026.

ThreatCluster AI

Timeline

2026-02-18
CVE-2026-22860 and CVE-2026-25500 published
2026-02-26
Security issues reported affecting Ubuntu 25.10 and LTS versions

Community

Browse all →