{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33174/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["rails","active-storage","dos","cve-2026-33174"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-33174 is a denial-of-service vulnerability affecting Ruby on Rails applications that utilize Active Storage. Specifically, it impacts versions prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. The vulnerability stems from the way Active Storage handles file serving through its proxy delivery mode. When processing requests with large or unbounded Range headers (e.g., \u003ccode\u003ebytes=0-\u003c/code\u003e), the proxy controller incorrectly loads the entire requested byte range into memory before sending it to the client…\u003c/p\u003e\n","date_modified":"2026-03-24T00:16:28Z","date_published":"2026-03-24T00:16:28Z","id":"/briefs/2026-03-rails-dos/","summary":"A denial-of-service vulnerability (CVE-2026-33174) exists in Ruby on Rails Active Storage versions prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 due to unbounded memory allocation when handling large or unbounded Range headers in proxy delivery mode.","title":"Ruby on Rails Active Storage DoS Vulnerability (CVE-2026-33174)","url":"https://feed.craftedsignal.io/briefs/2026-03-rails-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33174","version":"https://jsonfeed.org/version/1.1"}