Ray-project Ray
4 CVEs affecting Ray-project Ray. Latest disclosed: 2026-05-08. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-41486 | High | 8.8 | 2026-05-08 | Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arr… |
CVE-2026-32981 | High | 7.5 | 2026-03-17 | A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization… |
CVE-2026-27482 | Medium | 5.9 | 2026-02-21 | Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE en… |
CVE-2025-62593 | | 2025-11-26 | Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability explo… |