ruby webrick through v1.9.2 WEBrick reparses trailer
Published: July 02, 2026
SECURITY IDENTIFIERS
- CVE: CVE-2026-38969 (NVD)
- GHSA: GHSA-h4w6-wx8r-p68v
GEM
PATCHED VERSIONS
None available.
DESCRIPTION
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.
