Tag
A path traversal vulnerability (CVE-2026-33195) exists in Rails Active Storage's DiskService#path_for, potentially allowing attackers to read, write, or delete arbitrary files on the server by crafting blob keys with path traversal sequences, impacting applications that pass user input as blob keys.