VDB
CVE-2026-33637
CVE-2026-33637
PUBLISHED
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
EPSS 0.01% · 1.3th percentile
Risk Scores
EPSS Score
0.01%
1.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| lostisland | faraday | >= 2.0.0, <= 2.14.2 |
| RubyGems | faraday | 2.0.0 |
Timeline
- May 18, 2026 CVE Published
- May 20, 2026 EPSS Score
- May 20, 2026 Coalition ESS Score
- May 20, 2026 Security Advisory
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score
- May 28, 2026 EPSS Score