{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-34827","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-30T20:52:53.283Z","datePublished":"2026-04-02T17:07:48.279Z","dateUpdated":"2026-06-30T12:09:07.726Z"},"containers":{"cna":{"title":"Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser","problemTypes":[{"descriptions":[{"cweId":"CWE-407","lang":"en","description":"CWE-407: Inefficient Algorithmic Complexity","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-400","lang":"en","description":"CWE-400: Uncontrolled Resource Consumption","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-770","lang":"en","description":"CWE-770: Allocation of Resources Without Limits or Throttling","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x","tags":["x_refsource_CONFIRM"],"url":"https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x"}],"affected":[{"vendor":"rack","product":"rack","versions":[{"version":">= 3.0.0.beta1, < 3.1.21","status":"affected"},{"version":">= 3.2.0, < 3.2.6","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-02T17:07:48.279Z"},"descriptions":[{"lang":"en","value":"Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parser#handle_mime_head parses quoted multipart parameters such as Content-Disposition: form-data; name=\"...\" using repeated String#index searches combined with String#slice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticated attacker can send a crafted multipart/form-data request containing many parts with long backslash-escaped parameter values to trigger excessive CPU usage during multipart parsing. This results in a denial of service condition in Rack applications that accept multipart form data. This issue has been patched in versions 3.1.21 and 3.2.6."}],"source":{"advisory":"GHSA-v6x5-cg8r-vv6x","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-02T18:42:04.834994Z","id":"CVE-2026-34827","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-03T18:13:16.834Z"}},{"affected":[{"cpes":["cpe:/a:redhat:logging:5"],"defaultStatus":"affected","product":"Logging Subsystem for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"],"defaultStatus":"affected","product":"Red Hat 3scale API Management Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"}],"datePublic":"2026-04-02T17:07:48.279Z","descriptions":[{"lang":"en","value":"A flaw was found in Rack, a modular Ruby web server interface. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted multipart/form-data request. This request, containing numerous parts with lengthy backslash-escaped parameter values, causes the system to consume excessive CPU resources during parsing. This algorithmic complexity issue ultimately leads to a denial of service (DoS) condition in Rack applications that process multipart form data."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-34827"},{"name":"RHBZ#2454501","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454501"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34827.json"}],"timeline":[{"lang":"en","time":"2026-04-02T18:02:05.760Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-02T17:07:48.279Z","value":"Made public."}],"title":"rack: Rack: Denial of Service via crafted multipart/form-data requests","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:09:07.726Z"}}]}}