CVE-2026-48593

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

PT-2026-43408

Uncontrolled Resource Consumption vulnerability in oban-bg oban web 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

CVE-2026-34826 Rack: Unbounded Range Count in get_byte_ranges Enables DoS

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

CVE-2026-34826

CVE-2026-34826 affects Rack prior to 2.2.23, 3.1.21, and 3.2.6. Rack::Utils.get_byte_ranges does not cap the number of individual byte ranges in the HTTP Range header, allowing an attacker to send many small overlapping ranges that trigger disproportionate CPU, memory, I/O, and bandwidth usage in...