<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CVE-2026-33174 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-33174/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 24 Mar 2026 00:16:28 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-33174/feed.xml" rel="self" type="application/rss+xml"/><item><title>Ruby on Rails Active Storage DoS Vulnerability (CVE-2026-33174)</title><link>https://feed.craftedsignal.io/briefs/2026-03-rails-dos/</link><pubDate>Tue, 24 Mar 2026 00:16:28 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-rails-dos/</guid><description>A denial-of-service vulnerability (CVE-2026-33174) exists in Ruby on Rails Active Storage versions prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 due to unbounded memory allocation when handling large or unbounded Range headers in proxy delivery mode.</description><content:encoded>&lt;p>CVE-2026-33174 is a denial-of-service vulnerability affecting Ruby on Rails applications that utilize Active Storage. Specifically, it impacts versions prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. The vulnerability stems from the way Active Storage handles file serving through its proxy delivery mode. When processing requests with large or unbounded Range headers (e.g., &lt;code>bytes=0-&lt;/code>), the proxy controller incorrectly loads the entire requested byte range into memory before sending it to the client…&lt;/p>
</content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>rails</category><category>active-storage</category><category>dos</category><category>cve-2026-33174</category></item></channel></rss>