
Veracode
added 2026/03/28 5:32 a.m., 8 views

Rails Active Storage Has A Possible DoS Vulnerability In Proxy Mode Via Multi-range Requests

Impact: Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases: The fixed...

CVSS 6.5, AI score 5.8, EPSS 0.00024
Exploits 0, Affected Software 1

Tenable Nessus
added 2026/03/28 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's proxy...

CVSS 6.5, AI score 5.8, EPSS 0.00024
Exploits 0, References 3

CVE
added 2026/03/26 9:03 p.m., 7 views

CVE-2026-33658

Ruby on Rails Active Storage is affected by a DoS vulnerability in proxy mode, where the HTTP Range header can include thousands of small ranges, causing disproportionate CPU usage. This impacts Rails applications using Active Storage prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1. A patch ha...

CVSS 6.5, AI score 5.8, EPSS 0.00024
Exploits 0, References 5, Affected Software 1

OSV
added 2026/03/26 9:03 p.m., 1 view

CVE-2026-33658 Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

CVSS 6, AI score 5.9, EPSS 0.00024
Exploits 0, References 7

OSV
added 2026/03/25 9:04 p.m., 2 views

GHSA-P9FM-F462-GGRG Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact: Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases: The fixed...

CVSS 6.5, AI score 5.8, EPSS 0.00024
Exploits 0, References 7

Github Security Blog
added 2026/03/25 9:04 p.m., 5 views

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact: Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases: The fixed...

CVSS 6.5, AI score 5.3, EPSS 0.00024
Exploits 0, References 7, Affected Software 1

Tenable Nessus
added 2026/03/25 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's...

CVSS 9.1, AI score 5.8, EPSS 0.00029
Exploits 0, References 3

Tenable Nessus
added 2026/03/25 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33174

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through...

CVSS 8.7, AI score 5.8, EPSS 0.00024
Exploits 0, References 3

RedhatCVE
added 2026/03/24 10:55 a.m., 4 views

CVE-2026-33173

A flaw was found in Rails Active Storage. A remote attacker, acting as a direct-upload client, can exploit this vulnerability by manipulating metadata during file uploads. By setting internal flags, the attacker can bypass the system's automatic MIME (Multipurpose Internet Mail Extensions) type...

CVSS 7.6, AI score 6, EPSS 0.00015
Exploits 0, References 10

RedhatCVE
added 2026/03/24 10:50 a.m., 2 views

CVE-2026-33174

A flaw was found in Rails Active Storage. A remote attacker can exploit this vulnerability by sending a request with a large or unbounded Range header, such as bytes=0-, when files are served through Active Storage's proxy delivery mode. This action can cause the server to allocate memory...

CVSS 8.7, AI score 5.7, EPSS 0.00024
Exploits 0, References 10

CVE
added 2026/03/23 11:34 p.m., 8 views

CVE-2026-33202

Rails Active Storage has a possible glob injection in DiskService. Specifically, DiskService#delete_prefixed passes blob keys directly to Dir.glob without escaping glob metacharacters, which could allow attacker-controlled keys with glob metacharacters to delete unintended files in the storage di...

CVSS 9.1, AI score 5.8, EPSS 0.00029
Exploits 0, References 7, Affected Software 1

OSV
added 2026/03/23 11:34 p.m., 2 views

CVE-2026-33202 Rails Active Storage has possible glob injection in its DiskService

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskService#delete_prefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

CVSS 8.7, AI score 5.8, EPSS 0.00029
Exploits 0, References 9

Cvelist
added 2026/03/23 11:31 p.m., 28 views

CVE-2026-33195 Rails Active Storage has possible Path Traversal in DiskService

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskService#path_for does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...

CVSS 9.3, EPSS 0.00037
Exploits 0, References 7

OSV
added 2026/03/23 11:24 p.m., 3 views

CVE-2026-33174 Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...

CVSS 8.7, AI score 5.8, EPSS 0.00024
Exploits 0, References 9

Vulnrichment
added 2026/03/23 11:21 p.m., 2 views

CVE-2026-33173 Rails Active Storage has possible content type bypass via metadata in direct uploads

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...

CVSS 5.3, AI score 6, EPSS 0.00015
Exploits 0, References 7

EUVD
added 2026/03/23 9:17 p.m., 1 view

EUVD-2026-14632

Rails Active Storage has possible Path Traversal in DiskService...

CVSS 9.3, AI score 5.8, EPSS 0.00037
Exploits 0, References 7

OSV
added 2026/03/23 9:17 p.m., 2 views

GHSA-9XRJ-H377-FR87 Rails Active Storage has possible Path Traversal in DiskService

Impact: Active Storage's DiskService#path_for does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. ../) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...

CVSS 9.3, AI score 5.9, EPSS 0.00037
Exploits 0, References 10

Github Security Blog
added 2026/03/23 9:08 p.m., 7 views

Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests

Impact: When serving files through Active Storage's Blobs::ProxyController, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. bytes=0-) could cause the server to allocate memory proportional to the file size,...

CVSS 8.7, AI score 5.3, EPSS 0.00024
Exploits 0, References 10, Affected Software 1

OSV
added 2026/03/23 8:54 p.m., 1 view

GHSA-QCFX-2MFW-W4CG Rails Active Storage has possible content type bypass via metadata in direct uploads

Impact: Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases: The fixed releases are...

CVSS 5.3, AI score 5.9, EPSS 0.00015
Exploits 0, References 10

EUVD
added 2026/03/23 8:54 p.m., 2 views

EUVD-2026-14626

Rails Active Storage has possible content type bypass via metadata in direct uploads...

CVSS 5.3, AI score 5.8, EPSS 0.00015
Exploits 0, References 7