CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


CVE-2026-33202: Glob Injection and Arbitrary File Deletion in Rails Active Storage

Alon Barad, Software Engineer

Mar 24, 2026 · 6 min read

CVSS 6.6 · No Known Exploit

Executive Summary (TL;DR)

A glob injection vulnerability in Rails Active Storage DiskService allows attackers who can control file prefixes to delete arbitrary files within the storage root directory.

CVE-2026-33202 is a Medium severity vulnerability in the Ruby on Rails Active Storage component (DiskService). It permits attackers to perform glob injection attacks due to improper neutralization of metacharacters, potentially leading to unauthorized deletion of arbitrary files within the storage directory.

Vulnerability Overview

Active Storage is a core framework within Ruby on Rails designed to facilitate uploading files to cloud storage services and local filesystems. It handles attaching files to Active Record objects and managing file transformations, such as image resizing or thumbnail generation. The DiskService component specifically manages files stored on the local filesystem of the application server.

CVE-2026-33202 is classified as a Glob Injection vulnerability (CWE-74) within the ActiveStorage::Service::DiskService module. The vulnerability arises from improper neutralization of user-controllable input before passing it to a file path pattern matching function. This failure allows attackers to manipulate the pattern matching logic.

The primary consequence of this vulnerability is unauthorized data deletion. An attacker who can influence the prefix string used during variant deletion can force the application to recursively delete unintended files within the active storage directory. The vulnerability requires no authentication and can be exploited remotely over the network.

Root Cause Analysis

The vulnerability originates in the delete_prefixed method of the ActiveStorage::Service::DiskService class. This method is responsible for removing a primary blob and all its associated derivative files (variants) from the local filesystem. It achieves this by taking a file prefix, appending a wildcard, and passing the result to Ruby's Dir.glob method.

Ruby's Dir.glob function evaluates specific characters as metacharacters for pattern matching. These include * (match any string), ? (match any single character), [set] (match characters in a set), {p,q} (match literal strings), and \ (escape character). In the vulnerable implementation, the application does not sanitize the prefix argument before passing it to Dir.glob.

Because the prefix variable is concatenated directly with a wildcard (#{prefix}*) and passed to Dir.glob, any metacharacters injected into the prefix are evaluated by the glob engine. The resulting matched paths are subsequently iterated over and passed to FileUtils.rm_rf(path), which recursively force-deletes the files and directories.

Code Analysis

The vulnerable code path is straightforward. The delete_prefixed method accepts a prefix argument, constructs a pattern using string interpolation, and iterates over the matches to delete them.

# Vulnerable implementation in DiskService
def delete_prefixed(prefix)
  instrument :delete_prefixed, prefix: prefix do
    Dir.glob(path_for("#{prefix}*")).each do |path|
      FileUtils.rm_rf(path)
    end
  end
end

The fix, introduced in commit 8c9676b803820110548cdb7523800db43bc6874c, addresses the vulnerability through explicit metacharacter escaping. The patch introduces a new private method, escape_glob_metacharacters, which identifies and escapes all characters treated specially by Dir.glob.

# Patch addition
def escape_glob_metacharacters(path)
  path.gsub(/[\[\]*?{}\\]/) { |c| "\\#{c}" }
end

The patched delete_prefixed method now normalizes the path, manually restores trailing slashes stripped by path resolution, escapes the glob metacharacters, and only then appends the intended wildcard.

# Patched implementation in DiskService
def delete_prefixed(prefix)
  instrument :delete_prefixed, prefix: prefix do
    prefix_path = path_for(prefix)
    prefix_path += "/" if prefix.end_with?("/")
    escaped = escape_glob_metacharacters(prefix_path)
    Dir.glob("#{escaped}*").each do |path|
      FileUtils.rm_rf(path)
    end
  end
end

This fix is assessed as complete. By utilizing a regular expression to target the exact set of metacharacters supported by Ruby's Dir.glob engine and prefixing them with a backslash, the patch prevents the glob engine from interpreting attacker-supplied characters as operational logic.
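To see the difference between the two delete_prefixed shapes without touching real data, here is an added Ruby example (not code from Rails or from the advisory) that builds a throwaway storage root with Dir.mktmpdir and compares what each pattern matches. GlobDemoService, its path_for (a plain File.join, not Rails' real key-to-folder layout) and the sample file names are constructed for the demonstration; the service only lists matches and never deletes anything.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical stand-in for ActiveStorage::Service::DiskService. Only the glob
# construction is modelled; path_for is simplified to File.join(root, key).
class GlobDemoService
  def initialize(root)
    @root = root
  end

  def path_for(key)
    File.join(@root, key)
  end

  # Vulnerable shape: the prefix is interpolated straight into the pattern,
  # so any metacharacter in it is interpreted by Dir.glob.
  def vulnerable_matches(prefix)
    Dir.glob(path_for("#{prefix}*")).map { |p| File.basename(p) }.sort
  end

  # Patched shape: resolve the path, restore a trailing slash if the caller
  # had one, escape the metacharacters, and only then append the wildcard.
  def fixed_matches(prefix)
    prefix_path = path_for(prefix)
    prefix_path += "/" if prefix.end_with?("/")
    escaped = escape_glob_metacharacters(prefix_path)
    Dir.glob("#{escaped}*").map { |p| File.basename(p) }.sort
  end

  private

  # Same regex as the fix: backslash-escape every character Dir.glob treats specially.
  def escape_glob_metacharacters(path)
    path.gsub(/[\[\]*?{}\\]/) { |c| "\\#{c}" }
  end
end

# Constructed sample keys; "star*key.png" has a literal asterisk in its name.
SAMPLE_KEYS = %w[abc.png abc-variant.png other.txt star*key.png starXXkey.png].freeze

# Creates a fresh temporary storage root populated with SAMPLE_KEYS and yields
# a service bound to it; the directory is removed when the block returns.
def with_sample_root
  Dir.mktmpdir("as-glob-demo") do |root|
    SAMPLE_KEYS.each { |k| File.write(File.join(root, k), "x") }
    yield GlobDemoService.new(root)
  end
end

# Returns what each implementation would have handed to FileUtils.rm_rf.
def compare(prefix)
  with_sample_root do |svc|
    { vulnerable: svc.vulnerable_matches(prefix), fixed: svc.fixed_matches(prefix) }
  end
end

if __FILE__ == $PROGRAM_NAME
  ["abc", "star*key", "*"].each do |prefix|
    puts "prefix #{prefix.inspect}: #{compare(prefix).inspect}"
  end
end
```

For the ordinary key "abc" both versions agree. For a key containing a literal asterisk the vulnerable version also sweeps up "starXXkey.png", and for the bare "*" it matches every file in the root while the patched version matches nothing, because no file actually begins with a literal asterisk.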

Exploitation Scenario

Exploitation requires the target application to accept user-controlled input that influences the blob key or prefix passed to the DiskService#delete_prefixed method. If the application uses direct user input to define custom blob keys or constructs prefixes without secondary validation, it is vulnerable.

An attacker can craft a specific file upload or API request where the assigned file key is a glob metacharacter string, such as *. When the application invokes the deletion routine for this specific blob or its variants, the DiskService executes Dir.glob against /storage_root/path/*.

The resulting operation passes every file and directory within the storage root to FileUtils.rm_rf. This results in the complete deletion of all active storage data on the local filesystem.

More granular attacks are possible depending on the attacker's knowledge of the file structure. Supplying [a-z]* targets only specific ranges of files, while ** triggers recursive deletion across nested subdirectories. The execution sequence is illustrated in the diagram below:

Impact Assessment

The vulnerability carries a CVSS 4.0 score of 6.6, mapping to a Medium severity rating. The primary driver of this score is the Vulnerable System Integrity metric, rated High (VI:H). The attack explicitly results in data destruction by deleting files outside the authorized scope of the intended operation.

While the integrity impact is high, the vulnerability does not directly provide a path to remote code execution (RCE) or information disclosure (VC:N). The deletion scope is generally restricted to the Active Storage root directory, as the path_for method normalizes paths and resolves directory traversal attempts before the glob pattern is executed.

As of the disclosure date, the Exploit Maturity is rated as Unproven (E:U). No weaponized exploits or public proof-of-concept code are known to be circulating or in use by threat actors. However, given the low attack complexity (AC:L), developing a functional exploit is trivial if the target application's business logic exposes the vulnerable parameter.

Remediation and Mitigation

The primary remediation strategy is to upgrade the activestorage gem to a patched version. The Rails security team has released patches across three active release branches. Organizations using Rails 8.1 should upgrade to 8.1.2.1, Rails 8.0 users should upgrade to 8.0.4.1, and Rails 7.2 users should upgrade to 7.2.3.1.

If immediate patching is not technically feasible, developers must implement strict input validation on all parameters that influence Active Storage file keys or prefixes. This validation should enforce an allowlist approach, permitting only alphanumeric characters and rejecting any input containing glob metacharacters (*, ?, [, ], {, }, \).

Security teams should monitor application logs for anomalous file deletion requests, particularly those containing asterisks or brackets in the file key parameters. Deploying file integrity monitoring (FIM) on the Active Storage root directory can also provide rapid detection if unauthorized data deletion occurs.
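An added Ruby example (not from the advisory or from Rails) of the two defensive controls described above: an alphanumeric allowlist for storage keys, and a scan over request logs that flags every deletion whose key fails that allowlist and reports which glob metacharacters it contains. The /files/:key route, the log format and the log lines are constructed for the example, written in the style of Rails' "Started DELETE ..." request lines; the percent-decoding step is there because a metacharacter may arrive URL-encoded.

```ruby
require "cgi"

# Metacharacters interpreted by Ruby's Dir.glob, as listed in the advisory.
GLOB_METACHARACTERS = ["*", "?", "[", "]", "{", "}", "\\"].freeze

# Allowlist: a storage key may contain only ASCII letters and digits.
KEY_ALLOWLIST = /\A[A-Za-z0-9]+\z/

# Returns true only for keys that pass the allowlist; anything else
# (metacharacters, slashes, dots, empty strings) is rejected.
def valid_storage_key?(key)
  key.is_a?(String) && KEY_ALLOWLIST.match?(key)
end

# Constructed sample log lines for a hypothetical /files/:key route (not real
# Rails output), in the style of Rails request logging.
SAMPLE_LOG = <<~LOG
  Started DELETE "/files/abc123" for 198.51.100.7 at 2026-03-23 10:00:01 +0000
  Started DELETE "/files/*" for 198.51.100.7 at 2026-03-23 10:00:02 +0000
  Started GET "/files/[a-z]x" for 198.51.100.9 at 2026-03-23 10:00:03 +0000
  Started DELETE "/files/%7Ba,b%7D" for 198.51.100.7 at 2026-03-23 10:00:04 +0000
  Started DELETE "/files/abc-123" for 198.51.100.8 at 2026-03-23 10:00:05 +0000
LOG

DELETE_LINE = %r{Started DELETE "/files/([^"]*)"}

# Scans request log text and returns one finding per DELETE whose key fails
# the allowlist, listing the glob metacharacters present after URL-decoding.
def suspicious_deletions(log_text)
  log_text.each_line.filter_map do |line|
    m = DELETE_LINE.match(line)
    next unless m
    key = CGI.unescape(m[1]) # "%7Ba,b%7D" decodes to "{a,b}"
    next if valid_storage_key?(key)
    {
      line: line.strip,
      key: key,
      metachars: GLOB_METACHARACTERS.select { |c| key.include?(c) }
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  suspicious_deletions(SAMPLE_LOG).each do |f|
    puts "#{f[:key].inspect} (glob chars: #{f[:metachars].join(' ')}) <- #{f[:line]}"
  end
end
```

The last sample line shows why the allowlist is stricter than a metacharacter blocklist: "abc-123" contains no glob character at all yet is still rejected, so a future metacharacter the blocklist does not know about cannot slip through.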

Official Patches

GitHub Advisory Database: Official GitHub Security Advisory for CVE-2026-33202


Technical Appendix

CVSS Score
6.6 / 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Affected Systems

Ruby on Rails / Active Storage / DiskService

Affected Versions Detail

Product                               | Affected Versions          | Fixed Version
Active Storage (Rails) / Ruby on Rails | >= 8.1.0.beta1, < 8.1.2.1  | 8.1.2.1
Active Storage (Rails) / Ruby on Rails | >= 8.0.0.beta1, < 8.0.4.1  | 8.0.4.1
Active Storage (Rails) / Ruby on Rails | < 7.2.3.1                  | 7.2.3.1

Attribute        | Detail
CWE ID           | CWE-74 (Glob Injection)
Attack Vector    | Network
CVSS v4.0 Score  | 6.6 (Medium)
Primary Impact   | Arbitrary File Deletion (High Integrity Loss)
Exploit Status   | Unproven / No Active Exploitation
CISA KEV         | Not Listed

MITRE ATT&CK Mapping

T1485 Data Destruction (Impact)
T1190 Exploit Public-Facing Application (Initial Access)

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or routed.

Vulnerability Timeline

2026-03-13  Security patch developed and committed to the Rails repository.
2026-03-23  Vulnerability publicly disclosed and CVE-2026-33202 assigned.
2026-03-23  Patched versions (8.1.2.1, 8.0.4.1, 7.2.3.1) released.

References & Sources

  • [1] GHSA-73f9-jhhh-hr5m
  • [2] CVE-2026-33202
  • [3] Fix Commit 8c9676b
  • [4] Fix Commit 955284d
  • [5] Fix Commit fa19073

Attack Flow Diagram
