diff --git a/Gemfile.lock b/Gemfile.lock
index 989502e40a1ee48722fbf25c02e3fb7db26c028a..13e1e4ac8285c4724f73daebdd1d79c2ac824cc3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -770,7 +770,8 @@ GEM
       rack (>= 0.4)
     rack-attack (6.2.0)
       rack (>= 1.0, < 3)
-    rack-cors (1.0.2)
+    rack-cors (1.0.6)
+      rack (>= 1.6.0)
     rack-oauth2 (1.9.3)
       activesupport
       attr_required
diff --git a/changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml b/changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml
new file mode 100644
index 0000000000000000000000000000000000000000..70f0329676848f1a1fc473b04767b11777fc5239
--- /dev/null
+++ b/changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml
@@ -0,0 +1,5 @@
+---
+title: Update rack-cors to 1.0.6
+merge_request: 22809
+author:
+type: security