All 6 CVE vulnerabilities found in activestorage, with AI-generated Chinese analysis, references, and POCs.
Vendor: Rails
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33658 | Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests CWE-770 | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-33202 | Rails Active Storage has possible glob injection in its DiskService CWE-74 | 8.1 | - | 2026-03-23 |
| CVE-2026-33195 | Rails Active Storage has possible Path Traversal in DiskService CWE-22 | 8.8 | - | 2026-03-23 |
| CVE-2026-33174 | Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests CWE-789 | 7.5 | - | 2026-03-23 |
| CVE-2026-33173 | Rails Active Storage has possible content type bypass via metadata in direct uploads CWE-925 | 8.1 | - | 2026-03-23 |
| CVE-2025-24293 | Active Storage security vulnerability | 9.8 (AI) | Critical (AI) | 2026-01-30 |