1. Rails Active Storage Path Traversal: CVE-2026-33195 Exposes File Access Risk in 7.1.6 and Earlier
A path traversal vulnerability in Ruby on Rails' Active Storage component has been assigned CVE-2026-33195, prompting security advisories for applications running versions 7.1.6 and earlier. The flaw resides in `DiskService#path_for`, which fails to verify that resolved filesystem paths remain within the configured sto...