Rails Active Support has a possible DoS vulnerability in its number helpers — CVE-2026-33176
GitHub · GitHub · CVE-2026-33176
ID
CVE-2026-33176
CVE-2026-33176
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
6.6
6.6
EPSS
0.0003
0.0003
Summary
### Impact Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted, possibly resulting in a DoS vulnerability. ### Releases The fixed releases are available at the normal locations.…
Product
rubygems: activesupport
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.