Linuxsecurity
Critical Path Traversal and Code Execution Vulnerabilities in Rack Affect Ubuntu Releases
First seen 27 Feb 2026, 04:11 UTC
•
•81% similarity
•59.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Ubuntu 25.10 and its LTS derivatives are affected by vulnerabilities in Rack, a Ruby webserver interface. CVE-2026-22860 allows for path traversal attacks that could leak sensitive information, while CVE-2026-25500 enables arbitrary code execution due to improper input sanitization. Both vulnerabilities were discovered by Minh Pham Quang and Ali Firas and were published on February 18, 2026.
ThreatCluster AI
Timeline
2026-02-18
CVE-2026-22860 and CVE-2026-25500 published
2026-02-26
Security issues reported affecting Ubuntu 25.10 and LTS versions