CVE-2026-33241

Exploit

EPSS 0.02%
Veröffentlicht 23.03.2026 23:41:50
Zuletzt bearbeitet 24.03.2026 19:37:58
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely large payloads, leading to service crashes and denial of service. Version 0.89.3 contains a patch.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Salvo ≫ Salvo SwPlatformrust Version < 0.89.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/salvo-rs/salvo/security/advisories/GHSA-pp9r-xg4c-8j4x

Vendor Advisory

Exploit

https://github.com/salvo-rs/salvo/releases/tag/v0.89.3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-33241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33241

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33241