CVE-2026-33210— Ruby JSON has a format string injection vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-33210
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ruby JSON has a format string injection vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用外部控制的格式字符串
Source: NVD (National Vulnerability Database)
Vulnerability Title
JSON implementation for Ruby 格式化字符串错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
JSON implementation for Ruby是Ruby开源的一个 Ruby 的 JSON 实现。 JSON implementation for Ruby 2.15.2.1之前版本、2.17.1.2之前版本和2.19.2之前版本存在格式化字符串错误漏洞,该漏洞源于使用allow_duplicate_key: false解析选项时存在格式字符串注入,可能导致拒绝服务攻击或信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-33210
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-33210
请登录查看更多情报信息。
- Format string injection vulnerability · Advisory · ruby/json · GitHubx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-33210
IV. Related Vulnerabilities
Same vendor: ruby
- CVE-2026-42258
net-imap: Command Injection via unvalidated Symbol inputs - CVE-2026-42257
net-imap: Command Injection via "raw" arguments to multiple - CVE-2026-42256
net-imap: Denial of service via high iteration count for `SC - CVE-2026-42245
net-imap: Quadratic complexity when reading response literal - CVE-2026-42246
net-imap vulnerable to STARTTLS stripping via invalid respon
Same weakness: CWE-134
- CVE-2026-44407
Remote Denial of Service Vulnerability Exists in ZTE Cloud P - CVE-2026-6539
Notepad++ 8.9.3 Format String Injection via nativeLang.xml - CVE-2026-6843
Nano: nano: format string vulnerability leads to denial of s - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2025-68648
Fortinet多款产品 格式化字符串错误漏洞
V. Comments for CVE-2026-33210
No comments yet