A vulnerability classified as problematic was found in Rack up to 2.2.22/3.1.20/3.2.5 . Impacted is the function Rack::Directory of the component Regular Expression Handler . The manipulation results in permissive regular expression. This vulnerability is reported as CVE-2026-34763 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.