{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33174", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T22:16:36.719Z", "datePublished": "2026-03-23T23:24:55.594Z", "dateUpdated": "2026-03-24T13:40:32.031Z"}, "containers": {"cna": {"title": "Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests", "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg"}, {"name": "https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5", "tags": ["x_refsource_MISC"], "url": "https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5"}, {"name": "https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a", "tags": ["x_refsource_MISC"], "url": "https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a"}, {"name": "https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b", "tags": ["x_refsource_MISC"], "url": "https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b"}, {"name": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1"}, {"name": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1"}, {"name": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1"}], "affected": [{"vendor": "rails", "product": "activestorage", "versions": [{"version": ">= 8.1.0.beta1, < 8.1.2.1", "status": "affected"}, {"version": ">= 8.0.0.beta1, < 8.0.4.1", "status": "affected"}, {"version": "< 7.2.3.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T23:25:23.363Z"}, "descriptions": [{"lang": "en", "value": "Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`) could cause the server to allocate memory proportional to the file size, possibly resulting in a DoS vulnerability through memory exhaustion. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch."}], "source": {"advisory": "GHSA-r46p-8f7g-vvvg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T13:40:23.185319Z", "id": "CVE-2026-33174", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:40:32.031Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33174", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T13:40:23.185319Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:40:27.286Z"}}], "cna": {"title": "Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests", "source": {"advisory": "GHSA-r46p-8f7g-vvvg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "rails", "product": "activestorage", "versions": [{"status": "affected", "version": ">= 8.1.0.beta1, < 8.1.2.1"}, {"status": "affected", "version": ">= 8.0.0.beta1, < 8.0.4.1"}, {"status": "affected", "version": "< 7.2.3.1"}]}], "references": [{"url": "https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg", "name": "https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5", "name": "https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a", "name": "https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b", "name": "https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "name": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "name": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "name": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`) could cause the server to allocate memory proportional to the file size, possibly resulting in a DoS vulnerability through memory exhaustion. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-23T23:25:23.363Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33174", "state": "PUBLISHED", "dateUpdated": "2026-03-24T13:40:32.031Z", "dateReserved": "2026-03-17T22:16:36.719Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-23T23:24:55.594Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9DC6CB9-DC6C-4CBB-9806-3936ADBC8F1B", "versionEndExcluding": "7.2.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA8791E1-8B96-43F6-A3EC-A7E60D700330", "versionEndExcluding": "8.0.4.1", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "matchCriteriaId": "978E0135-D14B-41DE-87E4-CF059A23E189", "versionEndExcluding": "8.1.2.1", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`) could cause the server to allocate memory proportional to the file size, possibly resulting in a DoS vulnerability through memory exhaustion. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch."}, {"lang": "es", "value": "Active Storage permite a los usuarios adjuntar archivos en la nube y locales en aplicaciones Rails. Antes de las versiones 8.1.2.1, 8.0.4.1 y 7.2.3.1, al servir archivos a trav\u00e9s del modo de entrega de proxy de Active Storage, el controlador de proxy carga todo el rango de bytes solicitado en la memoria antes de enviarlo. Una solicitud con un encabezado Range grande o ilimitado (por ejemplo, 'bytes=0-') podr\u00eda hacer que el servidor asigne memoria proporcional al tama\u00f1o del archivo, posiblemente resultando en una vulnerabilidad de DoS a trav\u00e9s del agotamiento de la memoria. Las versiones 8.1.2.1, 8.0.4.1 y 7.2.3.1 contienen un parche."}], "id": "CVE-2026-33174", "lastModified": "2026-03-24T17:55:58.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T00:16:28.630", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Rails: Active Storage: Rails Active Storage: Denial of Service via unbounded Range header", "id": "2450544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450544"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in Rails Active Storage. A remote attacker can exploit this vulnerability by sending a request with a large or unbounded Range header, such as `bytes=0-`, when files are served through Active Storage's proxy delivery mode. This action can cause the server to allocate memory proportional to the file size, potentially leading to a Denial of Service (DoS) due to memory exhaustion."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-33174", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp20/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp21/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp21/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp22/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp22/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp24/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp24/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp25/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp25/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp26/system", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp26/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp2/system-rhel7", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp2/system-rhel8", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp2/system-rhel9", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp2/zync-rhel7", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp2/zync-rhel8", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Fix deferred", "package_name": "3scale-amp2/zync-rhel9", "product_name": "Red Hat 3scale API Management Platform 2"}], "public_date": "2026-03-23T23:24:55Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33174\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33174\nhttps://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\nhttps://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a\nhttps://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b\nhttps://github.com/rails/rails/releases/tag/v7.2.3.1\nhttps://github.com/rails/rails/releases/tag/v8.0.4.1\nhttps://github.com/rails/rails/releases/tag/v8.1.2.1\nhttps://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.1.0.beta1,8.1.2.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0.beta1,8.0.4.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.2.3.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "activestorage", "source": "cna", "vendor": "rails"}, "product": "activestorage", "vendor": "rails"}], "created": "2026-03-24T10:29:57.576232+00:00", "updated": "2026-03-24T10:29:57.576314+00:00", "vendors": ["rails", "rails$PRODUCT$activestorage"]}