Multiple Vulnerabilities Discovered in Rack Affecting Ubuntu Releases

Severity: Medium (Score: 57.9)

Sources: Linuxsecurity, Ubuntu

Summary

On April 17, 2026, multiple vulnerabilities in the Rack web server interface were disclosed, affecting several versions of Ubuntu, including 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10. The vulnerabilities include improper parsing of regular expressions (CVE-2026-26961), mishandling of multipart headers (CVE-2026-26962), and incorrect handling of the Forwarded header (CVE-2026-32762). These issues could allow attackers to bypass network security filters, cause denial of service, or manipulate header values. Other vulnerabilities could lead to excessive CPU consumption and potential information disclosure. The affected versions span from Ubuntu 14.04 LTS to 25.10, indicating a broad impact across multiple releases. Users are advised to update their systems to the latest package versions to mitigate these vulnerabilities. The vulnerabilities were published on April 2, 2026, and are now being actively addressed by the community.

Key Points

  • Multiple vulnerabilities in Rack affect Ubuntu versions 20.04 LTS to 25.10.
  • Critical issues include potential denial of service and information disclosure.
  • Users must update to the latest package versions to secure their systems.

Key Entities

  • DDoS (attack_type)
  • CVE-2026-26961 (cve)
  • CVE-2026-26962 (cve)
  • CVE-2026-32762 (cve)
  • CVE-2026-34230 (cve)
  • CVE-2026-34763 (cve)
  • Librack-ruby (platform)
  • Rack (platform)
  • Ruby-rack (platform)
  • Ubuntu (company)