CVE-2026-38969: ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.

Overview

Severity
High (CVSS 7.5)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U
Exploit Status
Not Exploited
Patch Tuesday
2026-Jul
Released
2026-07-09
EPSS Score
0.29% (percentile: 20.7%)

Affected Products (2)

Other

  • 21312-17084
  • 21569-17084

Revision History

  • 2026-07-09: Information published.