Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3a7663d43d advisory.

    New version 2.19.2 is released. This fixes a format string injection vulnerability in JSON.parse, which is     now assigned as CVE-2026-33210

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8c07fcde49 advisory.

    This new updates backports a fix for a format string injection vulnerability in JSON.parse, which is now     assigned as CVE-2026-33210

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2,     and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information     disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents.
    This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2. (CVE-2026-33210)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
304041	Fedora 44 : rubygem-json (2026-3a7663d43d)	Nessus	Fedora Local Security Checks	high
303923	Fedora 43 : rubygem-json (2026-8c07fcde49)	Nessus	Fedora Local Security Checks	high
303258	Linux Distros Unpatched Vulnerability : CVE-2026-33210	Nessus	Misc.	high

Detections

Analytics

CVE-2026-33210

high

Tenable Plugins

high

high

high