top of page
perceptive_background_267k.jpg

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce …

Published:

23 maart 2026 om 23:00:00

Alert date:

24 maart 2026 om 20:06:33

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

CVE-2026-33241 affects Salvo, a Rust web framework, in versions prior to 0.89.3. The vulnerability exists in the form data parsing implementations (form_data() method and Extractible macro) which do not enforce payload size limits before reading request bodies into memory. This lack of size validation allows attackers to send extremely large payloads causing Out-of-Memory (OOM) conditions. The vulnerability leads to service crashes and denial of service attacks. A patch is available in version 0.89.3 that addresses this memory exhaustion issue.

Technical details

Mitigation steps:

Affected products:

Salvo

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-33241
https://github.com/salvo-rs/salvo/releases/tag/v0.89.3
https://github.com/salvo-rs/salvo/security/advisories/GHSA-pp9r-xg4c-8j4x

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page