{"api_version":"1","generated_at":"2026-07-02T22:25:39+00:00","cve":"CVE-2026-33195","urls":{"html":"https://cve.report/CVE-2026-33195","api":"https://cve.report/api/cve/CVE-2026-33195.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-33195","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-33195"},"summary":{"title":"Rails Active Storage has possible Path Traversal in DiskService","description":"Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-03-24 00:16:28","updated_at":"2026-06-30 03:18:37"},"problem_types":["CWE-22","CWE-22 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"4.0","source":"security-advisories@github.com","type":"Secondary","score":"8","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"8","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U","data":{"attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8,"baseSeverity":"HIGH","privilegesRequired":"NONE","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"CVSS","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","version":"3.1"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"references":[{"url":"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348","name":"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348","refsource":"security-advisories@github.com","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33195","name":"https://access.redhat.com/security/cve/CVE-2026-33195","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c","name":"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c","refsource":"security-advisories@github.com","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655","name":"https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655","refsource":"security-advisories@github.com","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87","name":"https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87","refsource":"security-advisories@github.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33195.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33195.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/rails/rails/releases/tag/v7.2.3.1","name":"https://github.com/rails/rails/releases/tag/v7.2.3.1","refsource":"security-advisories@github.com","tags":["Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450546","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2450546","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/rails/rails/releases/tag/v8.0.4.1","name":"https://github.com/rails/rails/releases/tag/v8.0.4.1","refsource":"security-advisories@github.com","tags":["Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/rails/rails/releases/tag/v8.1.2.1","name":"https://github.com/rails/rails/releases/tag/v8.1.2.1","refsource":"security-advisories@github.com","tags":["Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-33195","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33195","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"rails","product":"activestorage","version":"affected >= 8.1.0.beta1, < 8.1.2.1","platforms":[]},{"source":"CNA","vendor":"rails","product":"activestorage","version":"affected >= 8.0.0.beta1, < 8.0.4.1","platforms":[]},{"source":"CNA","vendor":"rails","product":"activestorage","version":"affected < 7.2.3.1","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","version":"","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-03-24T00:01:50.330Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-03-23T23:31:41.785Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"ADP","title":"","value":"To mitigate this issue, ensure that blob keys used by Active Storage are not derived from untrusted user input. Applications should validate and sanitize any user-provided data before it is used in blob keys to prevent path traversal sequences.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"33195","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rubyonrails","cpe5":"rails","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-33195","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-03-24T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-25T03:56:06.239Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"],"defaultStatus":"affected","product":"Red Hat 3scale API Management Platform 2","vendor":"Red Hat"}],"datePublic":"2026-03-23T23:31:41.785Z","descriptions":[{"lang":"en","value":"A flaw was found in Active Storage, a component of Rails applications that manages file attachments. This vulnerability allows an attacker to manipulate file paths by using specially crafted input in blob keys. This manipulation can lead to unauthorized reading, writing, or deletion of arbitrary files on the server, potentially compromising the integrity and confidentiality of data."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:45:09.559Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-33195"},{"name":"RHBZ#2450546","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450546"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33195.json"}],"timeline":[{"lang":"en","time":"2026-03-24T00:01:50.330Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-23T23:31:41.785Z","value":"Made public."}],"title":"Rails: Active Storage: Active Storage (Rails): Arbitrary file access via path traversal in blob keys","workarounds":[{"lang":"en","value":"To mitigate this issue, ensure that blob keys used by Active Storage are not derived from untrusted user input. Applications should validate and sanitize any user-provided data before it is used in blob keys to prevent path traversal sequences."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"product":"activestorage","vendor":"rails","versions":[{"status":"affected","version":">= 8.1.0.beta1, < 8.1.2.1"},{"status":"affected","version":">= 8.0.0.beta1, < 8.0.4.1"},{"status":"affected","version":"< 7.2.3.1"}]}],"descriptions":[{"lang":"en","value":"Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch."}],"metrics":[{"cvssV4_0":{"attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8,"baseSeverity":"HIGH","privilegesRequired":"NONE","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-23T23:31:41.785Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87","tags":["x_refsource_CONFIRM"],"url":"https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87"},{"name":"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c","tags":["x_refsource_MISC"],"url":"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c"},{"name":"https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655","tags":["x_refsource_MISC"],"url":"https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655"},{"name":"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348","tags":["x_refsource_MISC"],"url":"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348"},{"name":"https://github.com/rails/rails/releases/tag/v7.2.3.1","tags":["x_refsource_MISC"],"url":"https://github.com/rails/rails/releases/tag/v7.2.3.1"},{"name":"https://github.com/rails/rails/releases/tag/v8.0.4.1","tags":["x_refsource_MISC"],"url":"https://github.com/rails/rails/releases/tag/v8.0.4.1"},{"name":"https://github.com/rails/rails/releases/tag/v8.1.2.1","tags":["x_refsource_MISC"],"url":"https://github.com/rails/rails/releases/tag/v8.1.2.1"}],"source":{"advisory":"GHSA-9xrj-h377-fr87","discovery":"UNKNOWN"},"title":"Rails Active Storage has possible Path Traversal in DiskService"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-33195","datePublished":"2026-03-23T23:31:41.785Z","dateReserved":"2026-03-17T22:16:36.721Z","dateUpdated":"2026-06-30T02:45:09.559Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-24 00:16:28","lastModifiedDate":"2026-06-30 03:18:37","problem_types":["CWE-22","CWE-22 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-24T00:00:00+00:00","id":"CVE-2026-33195","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionEndExcluding":"7.2.3.1","matchCriteriaId":"D9DC6CB9-DC6C-4CBB-9806-3936ADBC8F1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.4.1","matchCriteriaId":"FA8791E1-8B96-43F6-A3EC-A7E60D700330"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.2.1","matchCriteriaId":"978E0135-D14B-41DE-87E4-CF059A23E189"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"33195","Ordinal":"1","Title":"Rails Active Storage has possible Path Traversal in DiskService","CVE":"CVE-2026-33195","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"33195","Ordinal":"1","NoteData":"Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.","Type":"Description","Title":"Rails Active Storage has possible Path Traversal in DiskService"}]}}}