Ubuntu 26.04 USN-8190-2 ruby-rack-session Critical Session Access Flaw
ubuntu
April 28, 2026
Rack::Session could allow unintended access to network services.
Summary
Rack::Session could allow unintended access to network services.
Software Description:
- ruby-rack-session: Session management implementation for Rack
Details:
USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the
corresponding update for Ubuntu 26.04 LTS.
Original advisory details:
SeungMyung Lee discovered that Rack::Session did not properly reject
cookies upon decryption failure. A remote attacker could use this issue to
manipulate session contents and possibly gain unauthorized access.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS ruby-rack-session 2.1.1-0.1ubuntu0.26.04.1 After a standard system update you need to restart ruby-rack-session to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8190-2
https://ubuntu.com/security/notices/USN-8190-1
CVE-2026-39324
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8190-2
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!