CVE-2026-34831
- Source
- https://cve.org/CVERecord?id=CVE-2026-34831
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-34831.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-34831
- Aliases
- Downstream
- Related
- Published
- 2026-04-02T16:43:08.762Z
- Modified
- 2026-05-28T03:55:26.913921115Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Rack: Content-Length mismatch in Rack::Files error responses
- Details
-
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the requested path in 404 responses, an attacker can trigger this mismatch by requesting a non-existent path containing percent-encoded UTF-8 characters. This results in incorrect HTTP response framing and may cause response desynchronization in deployments that rely on the incorrect Content-Length value. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34831.json", "cwe_ids": [ "CWE-130", "CWE-135" ] }- References