diff --git a/gems/rack-cors/CVE-2024-27456.yml b/gems/rack-cors/CVE-2024-27456.yml
new file mode 100644
index 0000000000..1b481e3344
--- /dev/null
+++ b/gems/rack-cors/CVE-2024-27456.yml
@@ -0,0 +1,16 @@
+---
+gem: rack-cors
+cve: 2024-27456
+ghsa: 785g-282q-pwvx
+url: https://github.com/advisories/GHSA-785g-282q-pwvx
+title: Rack CORS Middleware has Insecure File Permissions
+date: 2024-02-26
+description: |
+ rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions
+ for the .rb files.
+notes: Never patched
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-27456
+ - https://github.com/cyu/rack-cors/issues/274
+ - https://github.com/advisories/GHSA-785g-282q-pwvx
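Review bot: The entry declares neither `unaffected_versions` nor `patched_versions`, so advisory consumers such as bundler-audit will likely treat every rack-cors release as affected, although the description names only 2.0.1. If 2.0.1 is the first release shipped with world-writable 0666 modes on its .rb files, add `unaffected_versions:` with `- "< 2.0.1"` so older installs are not flagged. `notes: Never patched` should be checked against the linked issue #274; if a later release corrected the file modes, replace the note with a `patched_versions` entry so users have an upgrade target. The top-level `url` also repeats the last `related` URL, which can be dropped from the list.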