Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization · CVE-2026-39324 · GitHub Advisory Database · GitHub

Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Critical severity GitHub Reviewed Published Apr 7, 2026 in rack/rack-session

0 Open 0 Closed

No open alerts for this advisory

Give feedback on Dependabot alerts