PT-2026-27262 · Rails+1 · Rails+1
Mike Dalessio
·
Published
2026-03-23
·
Updated
2026-05-08
·
CVE-2026-33195
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rails versions prior to 8.1.2.1
Rails versions prior to 8.0.4.1
Rails versions prior to 7.2.3.1
Description
Active Storage in Rails applications allows users to attach cloud and local files. The
DiskService#path for function does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g., ../) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but applications passing user input as keys would be affected.Recommendations
Update to Rails version 8.1.2.1 or later.
Update to Rails version 8.0.4.1 or later.
Update to Rails version 7.2.3.1 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rails
Red Os