Today we were informed of a low-severity vulnerability in the bcrypt-ruby gem. We worked with the maintainers to arrange a fix. Upgrading is recommended.
CVE-2026-33306: Integer Overflow Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
github.com/bcrypt-ruby/...
### Impact

An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this ...
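
The following Ruby sketch is an added example, not code from bcrypt-ruby or its Java extension. It models the overflow under the assumption that the round count is computed as `1 << cost` in a signed 32-bit int and looped over with `i < rounds`, then scans constructed hash strings for the cost named in the advisory; all function names and sample rows are hypothetical.

```ruby
# Added example: models the signed 32-bit arithmetic behind the advisory and
# audits stored hash strings for the affected cost. Not code from bcrypt-ruby.

# Modular-crypt bcrypt string: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = %r{\A\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}\z}

# Wrap a Ruby Integer to a Java-style signed 32-bit int.
def to_int32(n)
  n &= 0xFFFF_FFFF
  n >= 0x8000_0000 ? n - 0x1_0000_0000 : n
end

# Assumed loop shape: `int rounds = 1 << cost; for (i = 0; i < rounds; i++)`.
# Java masks an int shift count to 5 bits, hence `cost & 31`.
# Returns how many times such a loop body would run.
def int32_loop_iterations(cost)
  rounds = to_int32(1 << (cost & 31))
  rounds.positive? ? rounds : 0
end

# Extract the cost from a stored hash, or nil if it is not a bcrypt string.
def bcrypt_cost(hash)
  m = BCRYPT_RE.match(hash.to_s)
  m && m[1].to_i
end

# Return the stored hashes whose cost gives zero iterations under the model.
def flag_affected(hashes)
  hashes.select do |h|
    cost = bcrypt_cost(h)
    cost && int32_loop_iterations(cost).zero?
  end
end

# Constructed sample rows: filler salt/digest characters, not real hashes.
FILLER = ("A" * 22) + ("b" * 31)
SAMPLE = [
  "$2a$12$#{FILLER}",
  "$2a$31$#{FILLER}",
  "$2b$30$#{FILLER}",
  "not-a-bcrypt-hash"
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "cost 30 -> #{int32_loop_iterations(30)} iterations"
  puts "cost 31 -> #{int32_loop_iterations(31)} iterations"
  flag_affected(SAMPLE).each { |h| puts "flagged (cost 31): #{h[0, 7]}..." }
end
```

Only hashes created on JRuby fall within the advisory's scope, so a match is a prompt to check where that hash was generated.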