CVE-2026-33195
HIGH EPSS 44.4%
Published Mar 24, 20263mo ago · Modified Jun 17, 20262w ago
8.0 CVSS 4.0
Published Mar 24, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago
Description
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
44.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| rubyonrails | rails | * | <7.2.3.1 |
| rubyonrails | rails | * | ≥8.0.0 – <8.0.4.1 |
| rubyonrails | rails | * | ≥8.1.0 – <8.1.2.1 |
References 7
- github.com https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c
- github.com https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655
- github.com https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348
- github.com https://github.com/rails/rails/releases/tag/v7.2.3.1
- github.com https://github.com/rails/rails/releases/tag/v8.0.4.1
- github.com https://github.com/rails/rails/releases/tag/v8.1.2.1
- github.com https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87
Remediation
- github.com https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c
- github.com https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655
- github.com https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348