A vulnerability was found in Rack up to 2.2.22/3.1.20/3.2.5 . It has been classified as problematic . Affected is the function Rack::Static . The manipulation leads to incorrect behavior order: validate before canonicalize. This vulnerability is uniquely identified as CVE-2026-34786 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.