CVE-2026-32981
- EPSS 0.08%
- Veröffentlicht 17.03.2026 19:33:50
- Zuletzt bearbeitet 19.03.2026 19:25:48
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal...
CVE-2026-27482
- EPSS 0.05%
- Veröffentlicht 21.02.2026 09:18:26
- Zuletzt bearbeitet 04.03.2026 18:59:13
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashbo...
CVE-2023-48023
- EPSS 89.19%
- Veröffentlicht 28.11.2023 08:15:07
- Zuletzt bearbeitet 21.11.2024 08:31:00
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
CVE-2023-48022
- EPSS 92.19%
- Veröffentlicht 28.11.2023 08:15:06
- Zuletzt bearbeitet 17.12.2025 17:15:47
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of ...