CVE-2026-27482

5.9 MEDIUM

📋 TL;DR

This vulnerability in the Ray AI compute engine allows unauthenticated DELETE requests to critical dashboard endpoints when the dashboard is exposed. Attackers can shut down Serve deployments or delete jobs via drive-by attacks using DNS rebinding, or directly via network access. Systems running Ray 2.53.0 or below with the dashboard exposed are affected.

💻 Affected Systems

Products:
  • Ray AI compute engine
Versions: 2.53.0 and below
Operating Systems: All platforms running Ray
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when dashboard is exposed (e.g., --dashboard-host=0.0.0.0). Default configuration may expose dashboard depending on deployment.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete disruption of AI workloads through deletion of Serve deployments and jobs, causing significant availability impact and potential data loss.

🟠 Likely Case: Targeted attacks shutting down specific AI services or jobs, causing operational disruption and requiring redeployment.

🟢 If Mitigated: Minimal impact if the dashboard is not exposed or proper network segmentation is in place.

🌐 Internet-Facing: HIGH - Dashboard exposed to internet allows drive-by attacks via DNS rebinding without user interaction.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems on same network can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP DELETE requests to vulnerable endpoints. DNS rebinding or same-network access enables exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.54.0 or higher

Vendor Advisory: https://github.com/ray-project/ray/security/advisories/GHSA-q5fh-2hc8-f6rq

Restart Required: Yes

Instructions:

1. Update Ray using pip: 'pip install --upgrade ray==2.54.0'
2. Restart all Ray services and processes
3. Verify dashboard endpoints now require authentication

🔧 Temporary Workarounds

Restrict Dashboard Access (platform: all)

Limit dashboard exposure to trusted networks only:

ray start --dashboard-host=127.0.0.1
ray start --dashboard-host=<trusted-ip>

Network Segmentation (platform: linux)

Place the Ray dashboard behind a firewall with strict access controls:

iptables -A INPUT -p tcp --dport 8265 -s <trusted-network> -j ACCEPT
iptables -A INPUT -p tcp --dport 8265 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to isolate Ray dashboard from untrusted networks
  • Deploy web application firewall (WAF) to block unauthorized DELETE requests to Ray endpoints

🔍 How to Verify

Check if Vulnerable:

Check the Ray version with 'ray --version' and verify whether the dashboard is bound to a network interface other than localhost.

Check Version:

ray --version

Verify Fix Applied:

Test DELETE requests to dashboard endpoints (e.g., /api/serve/deployments/); in 2.54.0+ they should return an authentication error.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated DELETE requests to /api/serve/ or /api/jobs/ endpoints
  • Unexpected job deletions or Serve shutdown events

Network Indicators:

  • HTTP DELETE requests to Ray dashboard port (default 8265) from unauthorized sources
  • Multiple DELETE requests in short timeframe

SIEM Query:

source="ray-dashboard" AND (method="DELETE" AND (uri_path="/api/serve/*" OR uri_path="/api/jobs/*")) AND NOT user_authenticated=true
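As an added illustration of the log indicators and SIEM query above (example code written for this page, not part of Ray or the advisory), the following Python flags unauthenticated DELETE requests to /api/serve/ or /api/jobs/ and reports sources that issue several of them within a short window. The log format and the sample lines are constructed assumptions, not Ray's actual dashboard log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed access-log format (NOT Ray's real format):
# "<ISO timestamp> <client ip> <method> <path> <status> auth=<yes|no>"
SAMPLE_LOG = """\
2026-03-01T10:00:01Z 10.0.0.5 GET /api/jobs/ 200 auth=no
2026-03-01T10:00:02Z 203.0.113.9 DELETE /api/serve/deployments/ 200 auth=no
2026-03-01T10:00:03Z 203.0.113.9 DELETE /api/jobs/raysubmit_abc 200 auth=no
2026-03-01T10:00:04Z 203.0.113.9 DELETE /api/jobs/raysubmit_def 200 auth=no
2026-03-01T10:05:00Z 10.0.0.7 DELETE /api/jobs/raysubmit_xyz 200 auth=yes
2026-03-01T10:06:00Z 10.0.0.8 DELETE /api/version 404 auth=no
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) auth=(yes|no)$")
SENSITIVE_PREFIXES = ("/api/serve/", "/api/jobs/")  # endpoints named in the advisory

def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, path, status, auth = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "ip": ip,
            "method": method, "path": path, "status": int(status), "auth": auth == "yes"}

def is_suspicious(rec):
    # Same condition as the SIEM query: unauthenticated DELETE to /api/serve/* or /api/jobs/*
    return (rec["method"] == "DELETE" and not rec["auth"]
            and rec["path"].startswith(SENSITIVE_PREFIXES))

def find_suspicious(log_text):
    """Return all records matching the log indicator, in log order."""
    return [r for r in map(parse_line, log_text.splitlines()) if r and is_suspicious(r)]

def find_bursts(records, threshold=3, window=timedelta(seconds=60)):
    """Return source IPs with at least `threshold` suspicious DELETEs inside `window`."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r["ts"])
    burst_ips = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:  # sliding window check
                burst_ips.add(ip)
                break
    return sorted(burst_ips)

if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for r in hits:
        print("ALERT unauthenticated DELETE", r["ip"], r["path"], r["ts"].isoformat())
    print("burst sources:", find_bursts(hits))
```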
