Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities Ubuntu Security

USN-8190-2: Rack::Session vulnerability

  • What: Vulnerability in Rack::Session library
  • Impact: Could allow unauthorized access to network services on Ubuntu 26.04 LTS

Publication date: 28 April 2026

Overview

Rack::Session could allow unintended access to network services.

Releases

  • 26.04 LTS

Packages

  • ruby-rack-session - Session management implementation for Rack

Details

USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the corresponding update for Ubuntu 26.04 LTS.

Original advisory details:

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access.

Update instructions

After a standard system update you need to restart ruby-rack-session to make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

  • Ubuntu 26.04 LTS (resolute): ruby-rack-session 2.1.1-0.1ubuntu0.26.04.1

References

  • CVE-2026-39324

Related notices

  • USN-8190-1
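The advisory's root cause is a cookie that was not rejected when decryption failed. As an added illustration (not code from Rack::Session or from the advisory), the following fail-closed encrypted-cookie codec returns no session on any decode, authentication or parse error; the module name `FailClosedCookie`, its `seal`/`unseal` methods, the AES-256-GCM layout and the `session-v1` label are assumptions made for this example.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper, not Rack::Session's API: an AES-256-GCM cookie codec
# that treats every decode, decryption or parse error as "no session".
module FailClosedCookie
  AAD     = 'session-v1' # constructed label, bound into the auth tag
  IV_LEN  = 12
  TAG_LEN = 16

  # Encrypts a session Hash into a Base64 cookie value: iv || tag || ciphertext.
  def self.seal(key, session_hash)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = AAD
    ct = cipher.update(JSON.generate(session_hash)) + cipher.final
    [iv + cipher.auth_tag + ct].pack('m0')
  end

  # Returns the session Hash, or nil if the cookie fails any check.
  # There is deliberately no fallback that parses the raw cookie value.
  def self.unseal(key, cookie)
    raw = cookie.to_s.unpack1('m0') # strict Base64, raises ArgumentError on junk
    return nil if raw.bytesize < IV_LEN + TAG_LEN

    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = raw.byteslice(0, IV_LEN)
    cipher.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
    cipher.auth_data = AAD
    ct = raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize)
    plain = cipher.update(ct) + cipher.final # raises CipherError on a bad tag
    data = JSON.parse(plain.force_encoding(Encoding::UTF_8))
    data.is_a?(Hash) ? data : nil
  rescue ArgumentError, OpenSSL::Cipher::CipherError, JSON::ParserError
    nil # fail closed: the caller starts a fresh, empty session
  end
end
```

A caller that receives `nil` should issue a new empty session rather than trying any other interpretation of the cookie bytes.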
