Ubuntu 25.10 Rack Critical Path Traversal Code Execution Vulnerabilities
ubuntu
February 26, 2026
Several security issues were fixed in Rack.
Summary
Several security issues were fixed in Rack.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
Minh Pham Quang discovered that Rack did not correctly handle parsing
certain paths, which could lead to a path traversal attack. An attacker
could possibly use this issue to leak sensitive information.
(CVE-2026-22860)
Ali Firas discovered that Rack did not correctly sanitize certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-25500)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
ruby-rack 3.1.16-0.1ubuntu0.2
Ubuntu 24.04 LTS
ruby-rack 2.2.7-1ubuntu0.6
Ubuntu 22.04 LTS
ruby-rack 2.1.4-5ubuntu1.2+esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ruby-rack 2.0.7-2ubuntu0.1+esm9
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.References
https://ubuntu.com/security/notices/USN-8066-1
CVE-2026-22860, CVE-2026-25500
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8066-1
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!