CVE-2026-33241 is a denial-of-service vulnerability in the Salvo Rust web framework affecting all versions prior to 0.89.3, where form data parsing imposes no payload size limit, enabling unauthenticated OOM crashes via oversized POST bodies. EPSS is low (3.9th percentile) and no CISA KEV listing is present, but the unauthenticated attack surface and crash-level impact warrant prompt patching for any internet-facing Salvo service. Organizations should upgrade to 0.89.3 via Cargo and place affected endpoints behind a reverse proxy with enforced body size limits as an interim control if patching is delayed.