What is the CVSS score of CVE-2026-34829?

CVE-2026-34829 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2026-34829?

Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 are vulnerable to unauthenticated denial-of-service attacks via unbounded multipart file uploads without Content-Length headers, allowing attackers to…. A patch is available.

Red Hat CVE-2026-34829

EUVD-2026-18388 HIGH

Uncontrolled Resource Consumption (CWE-400)

2026-04-02 security-advisories@github.com

GHSA-8vqr-qjwx-82mw

Denial Of Service Red Hat File Upload Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 16, 2026 - 17:22 vuln.today

cvss_changed

Patch released

Apr 03, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Apr 02, 2026 - 17:22 euvd

EUVD-2026-18388

Analysis Generated

Apr 02, 2026 - 17:22 vuln.today

CVE Published

Apr 02, 2026 - 17:16 nvd

HIGH 7.5

DescriptionNVD

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size limit. For file parts, the uploaded body is written directly to a temporary file on disk rather than being constrained by the buffered in-memory upload limit. An unauthenticated attacker can therefore stream an arbitrarily large multipart file upload and consume unbounded disk space. This results in a denial of service condition for Rack applications that accept multipart form data. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6.

AnalysisAI

Unbounded disk consumption in Rack's multipart parser allows remote denial of service when HTTP requests lack Content-Length headers. Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 fail to enforce size limits on multipart/form-data uploads sent via chunked transfer encoding, enabling unauthenticated attackers to exhaust disk space by streaming arbitrarily large file uploads. …

RemediationAI

Within 24 hours: Identify all applications using Rack versions 2.2.x (before 2.2.23), 3.1.x (before 3.1.21), or 3.2.x (before 3.2.6) via dependency scanning. Within 7 days: Upgrade to patched versions (Rack 2.2.23, 3.1.21, or 3.2.6 or later) and conduct regression testing in staging environments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory