PT-2026-27261 · Unknown+1 · Active Support+1

Jhawthorn · Published 2026-03-23 · Updated 2026-05-06 · CVE-2026-33176

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Active Support versions prior to 8.1.2.1
Active Support versions prior to 8.0.4.1
Active Support versions prior to 7.2.3.1

Description

Active Support number helpers are susceptible to a denial-of-service condition. The number helpers accept strings containing scientific notation, such as 1e10000, which are expanded into extremely large decimal representations by BigDecimal. This expansion can lead to excessive memory allocation and CPU usage during formatting, potentially causing a DoS.

Recommendations

Update to Active Support version 8.1.2.1 or later.
Update to Active Support version 8.0.4.1 or later.
Update to Active Support version 7.2.3.1 or later.
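
A defence-in-depth check for the condition described above, as an added example that is not Active Support's code or the upstream fix: it computes how many digits the plain decimal form of a string such as 1e10000 would need, without expanding it, and rejects oversized input before it reaches a number helper. `MAX_DIGITS`, `expanded_digit_count` and `safe_for_number_helper?` are hypothetical names, and the limit of 64 is an assumed application policy.

```ruby
# Added example: estimate how many digits a numeric string needs in plain
# decimal notation WITHOUT expanding it, and reject oversized input.
# MAX_DIGITS and both method names are assumptions, not Active Support API.
MAX_DIGITS = 64

# Optional sign, digits, optional fraction, optional exponent.
NUMERIC = /\A[+-]?(\d*)(?:\.(\d*))?(?:[eE]([+-]?\d+))?\z/

# Upper bound on integer + fractional digits of the fixed-point form,
# or nil when the string is not a decimal / scientific-notation number.
def expanded_digit_count(str)
  m = NUMERIC.match(str.to_s.strip)
  return nil unless m

  int_part = m[1].to_s
  frac_part = m[2].to_s
  return nil if int_part.empty? && frac_part.empty?

  sig = (int_part + frac_part).sub(/\A0+/, "")
  return 1 if sig.empty? # any spelling of zero

  shift = m[3].to_i - frac_part.length # value = sig * 10**shift
  if shift >= 0
    sig.length + shift                 # trailing zeros appended
  else
    [sig.length + shift, 1].max + -shift # integer digits + fraction digits
  end
end

# True only when the input is numeric and its expansion stays within the limit.
def safe_for_number_helper?(str, max_digits: MAX_DIGITS)
  s = str.to_s.strip
  return false if s.length > max_digits # also bounds the exponent text itself

  count = expanded_digit_count(s)
  !count.nil? && count <= max_digits
end

# Constructed sample inputs
["1234.56", "1.5e3", "1e10000", "1e-10000", "abc"].each do |input|
  puts format("%-10s digits=%-6s accept=%s", input,
              expanded_digit_count(input).inspect, safe_for_number_helper?(input))
end
```

The check is string-only, so the cost of rejecting a hostile value is proportional to the length of the input, not to the size of the number it denotes.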

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2026-07237
CVE-2026-33176
GHSA-2J26-FRM8-CMJ9
RHSA-2026:14835
RHSA-2026:14873
RHSA-2026:14874

Affected Products

Active Support
Red Os