Ray-Project Ray vulnerabilities
4 known vulnerabilities affecting ray-project/ray.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown
CRITICAL: 1, HIGH: 2, MEDIUM: 1
Vulnerabilities
CVE-2025-62593 | P2 | CRITICAL | CVSS 9.4 | CWE-94 | Exploited | fixed in 2.52.0 | 2025-11-26
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mo
nvd
CVE-2026-41486 | P3 | HIGH | CVSS 8.8 | CWE-94 | versions >= 2.54.0, < 2.55.0 | 2026-05-08
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls __arrow_ext_deserialize__ on the fiel
nvd
CVE-2026-32981 | P3 | HIGH | CVSS 7.5 | CWE-22 | fixed in 2.8.1 | 2026-03-17
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file di
nvd
CVE-2026-27482 | P3 | MEDIUM | CVSS 6.5 | CWE-396 | fixed in 2.54.0 | 2026-02-21
Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that
nvd