2451983 – (CVE-2026-33658) CVE-2026-33658 rails: activestorage: Active Storage: Denial of Service via HTTP Range header processing

Bug 2451983 (CVE-2026-33658) - CVE-2026-33658 rails: activestorage: Active Storage: Denial of Service via HTTP Range header processing

Summary: CVE-2026-33658 rails: activestorage: Active Storage: Denial of Service via HT...

Keywords:
Status:	NEW
Alias:	CVE-2026-33658
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2452165 2452166
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-26 22:02 UTC by OSIDB Bzimport
Modified:	2026-03-27 08:45 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-26 22:02:03 UTC

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1
Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.

Note You need to log in before you can comment on or make changes to this bug.