Browse all 37 CVE security advisories affecting Rack. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rack is the minimal, modular interface between Ruby web servers and Ruby web frameworks such as Rails and Sinatra: a server hands the request environment to a Rack application and gets back a status, headers and body. Nearly every Ruby web application runs on it, so a flaw in Rack or in one of its companion gems, such as rack-session (the cookie and pool session stores that were split out of Rack itself), reaches a very large installed base. The advisories listed below concern session handling: an authentication weakness (CWE-287) in Rack::Session::Cookie where a failed decryption falls back to a path that accepts the cookie without the secret, so a session can be forged and its payload handed to Marshal; and a race condition (CWE-362) in which a session that was deleted could be restored. Practitioners should keep rack and rack-session at patched versions, always configure session stores with a secret, treat a cookie that fails verification as no session at all rather than falling back to an unverified decode, and prefer a JSON coder over one that deserializes with Marshal wherever the session only needs plain data.
| CVE ID | Title | Package | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39324 | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | rack-session | CWE-287 | 7.4 (AI-estimated) | High (AI-estimated) | 2026-04-07 |
| CVE-2025-46336 | Rack session gets restored after deletion | rack-session | CWE-362 | 4.2 | Medium | 2025-05-08 |
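The first advisory's title names the class of bug in which a session cookie that fails decryption or signature verification is decoded anyway. The Ruby script below is added here as an illustration of that class; it is not code from rack-session, from Rack, or from the advisory, and it does not reproduce the advisory's exploit. The `SessionCookie` coder, the `forge_cookie` helper, the cookie format and the secret are all assumptions; the `fail_open` flag stands in for the decrypt-failure fallback, and JSON is used in place of Marshal so that a forged payload can at most inject data rather than choose which objects get instantiated.

```ruby
require 'json'
require 'openssl'

# Constructed signed-cookie coder (not rack-session's implementation).
# Cookie format (assumed): base64(JSON session) + "--" + hex HMAC-SHA256(secret, payload).
class SessionCookie
  # fail_open: true models the unsafe fallback that decodes the payload even when
  # verification fails; false is the hardened, fail-closed form.
  def initialize(secret, fail_open: false)
    @secret = secret
    @fail_open = fail_open
  end

  # Serialise a session hash and sign it with the secret.
  def generate(session)
    payload = [JSON.generate(session)].pack('m0')
    "#{payload}--#{hmac(payload)}"
  end

  # Turn a cookie back into a session hash. With a valid signature both modes
  # behave the same; on a bad or missing signature the hardened mode returns an
  # empty session, while the fail-open mode decodes the payload regardless, which
  # is exactly what lets an attacker who never knew the secret forge a session.
  def load(cookie)
    payload, digest = cookie.to_s.split('--', 2)
    return decode(payload) if payload && digest && secure_compare(hmac(payload), digest)
    @fail_open ? decode(payload) : {}
  end

  private

  def hmac(payload)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, payload)
  end

  # JSON, not Marshal: a forged payload yields at worst attacker-chosen data.
  # A Marshal-based coder reached through the fail-open path would instead let the
  # attacker pick the classes that get instantiated during deserialisation.
  def decode(payload)
    return {} if payload.nil?
    JSON.parse(payload.unpack1('m0'))
  rescue JSON::ParserError, ArgumentError
    {}
  end

  # Constant-time comparison so the check itself does not leak the MAC.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Attacker side (constructed): build a cookie for an arbitrary session with a
# bogus signature, since the real secret is unknown.
def forge_cookie(session)
  payload = [JSON.generate(session)].pack('m0')
  "#{payload}--0000"
end

if __FILE__ == $PROGRAM_NAME
  secret = 'assumed-server-secret'            # assumption: any server-side secret
  hardened = SessionCookie.new(secret)
  weak     = SessionCookie.new(secret, fail_open: true)

  legit  = hardened.generate({ 'user_id' => 42 })
  forged = forge_cookie({ 'user_id' => 1, 'admin' => true })

  puts "hardened, legitimate cookie: #{hardened.load(legit)}"   # {"user_id"=>42}
  puts "hardened, forged cookie:     #{hardened.load(forged)}"  # {}
  puts "fail-open, forged cookie:    #{weak.load(forged)}"      # {"user_id"=>1, "admin"=>true}
end
```

The only difference between the two modes is what happens on the verification-failure branch of `load`; the hardened form returns an empty session and forces a fresh login, while the fail-open form silently trusts whatever the client sent.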
This page lists every published CVE security advisory associated with Rack. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.