diff --git a/Gemfile b/Gemfile
index c306b83..496cd50 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ gem 'pg', '~> 1.1'
 gem 'puma', '~> 6.0'
 
 # Security: Force Rack to safe version to fix CVE-2025-61780 and CVE-2025-61919
-gem 'rack', '~> 3.1.18'
+gem 'rack', '~> 3.1.20'
 
 # Build JSON APIs with ease [https://github.com/rails/jbuilder]
 # gem "jbuilder"
diff --git a/Gemfile.lock b/Gemfile.lock
index beb2bd5..b019ebb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -241,7 +241,7 @@ GEM
       activesupport (>= 3.0.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (3.1.18)
+    rack (3.1.20)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-cors (3.0.0)
@@ -430,7 +430,7 @@ DEPENDENCIES
   pg (~> 1.1)
   puma (~> 6.0)
   pundit
-  rack (~> 3.1.18)
+  rack (~> 3.1.20)
   rack-attack
   rack-cors
   rails (~> 7.2.0)