rack-session (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package rack-session, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2026-39324 — CVSS 9.8 (critical): Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles…
CVE-2025-46336 — CVSS 4.2 (medium): Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the…