CVE-2026-27482

Severity: High (CVSS 8.2)
Exploit status: No known exploit

Plain English Summary

AI-powered analysis for quick understanding

An attacker can send unauthorized DELETE requests to the Ray dashboard, potentially shutting down services or deleting jobs without any user interaction, if the dashboard is exposed to the internet or accessible on the same network. This vulnerability affects versions 2.53.0 and below, so it's crucial to update to version 2.54.0 or higher to protect against this risk.

Technical Description

Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT requests but does not apply the same check to DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard or agent is reachable (e.g., started with --dashboard-host=0.0.0.0), a web page using DNS rebinding, or any client on the same network, can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix is to update to Ray 2.54.0 or higher.
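The defect described above is an origin check that is keyed on a short list of methods instead of on "every method that changes state". The following is an added example written for this page, not Ray's dashboard code: it places a POST/PUT-only check beside a method-complete one that also validates the Host header, and runs both against constructed requests. The host names, the port 8265 and the header handling are assumptions made for the example.

```python
"""Added example (not Ray's own code): a browser-origin check for a local
dashboard, shown in an incomplete form and a method-complete form."""

from urllib.parse import urlsplit

# Methods that must never change server state; everything else is screened.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})

# Host names the dashboard expects to be addressed as (assumed values).
ALLOWED_HOSTS = frozenset({"127.0.0.1:8265", "localhost:8265"})


def _origin_host(origin):
    """Return 'host[:port]' from an Origin header value, or None if it is not
    a well-formed origin (this also rejects the literal 'null' origin)."""
    parts = urlsplit(origin)
    if not parts.scheme or not parts.netloc:
        return None
    return parts.netloc.lower()


def browser_request_allowed_incomplete(method, headers):
    """Weak check: only POST and PUT are screened, so a DELETE from any
    origin passes. This models the gap the advisory describes."""
    if method.upper() not in ("POST", "PUT"):
        return True
    origin = headers.get("Origin")
    return origin is None or _origin_host(origin) in ALLOWED_HOSTS


def browser_request_allowed(method, headers):
    """Hardened check: the Host header must name this service for every
    method, and every non-safe method must carry an allowed Origin."""
    host = headers.get("Host", "").lower()
    if host not in ALLOWED_HOSTS:
        # A DNS-rebinding page addresses the service by the attacker's host
        # name, so an unexpected Host is rejected regardless of method.
        return False
    if method.upper() in SAFE_METHODS:
        return True
    origin = headers.get("Origin")
    if origin is None:
        # Browsers always send Origin on non-safe methods; its absence means
        # a non-browser client, which an origin check is not meant to cover.
        return True
    return _origin_host(origin) in ALLOWED_HOSTS


# Constructed sample requests (method, headers), not captured traffic.
REBOUND_DELETE = ("DELETE", {"Host": "rebinder.example:8265",
                             "Origin": "http://rebinder.example:8265"})
LOCAL_DELETE = ("DELETE", {"Host": "127.0.0.1:8265",
                           "Origin": "http://127.0.0.1:8265"})
CLI_DELETE = ("DELETE", {"Host": "127.0.0.1:8265"})  # no Origin: CLI-style client
FOREIGN_POST = ("POST", {"Host": "localhost:8265",
                         "Origin": "http://other.example"})


def compare(method, headers):
    """Return (incomplete_result, hardened_result) for one request."""
    return (browser_request_allowed_incomplete(method, headers),
            browser_request_allowed(method, headers))


if __name__ == "__main__":
    for name, req in [("rebound DELETE", REBOUND_DELETE),
                      ("local DELETE", LOCAL_DELETE),
                      ("CLI DELETE", CLI_DELETE),
                      ("foreign POST", FOREIGN_POST)]:
        weak, strong = compare(*req)
        print(f"{name:15s} incomplete={weak!s:5s} hardened={strong}")
```

The rebound DELETE is the interesting row: the incomplete check lets it through because it only ever looks at POST and PUT, while the hardened check rejects it twice over, once on the Host header and again on the Origin. Deny-by-default over the safe-method set, rather than an allow-list of methods to screen, is what keeps a new or overlooked verb from reopening the gap.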

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: High
Scope: Unchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Est. Bounty: $3,526 ($1K-$5K)
Vendor Response: Grade A (patched in 3 days)

Quick Information

Published: Feb 21, 2026
Last Modified: Feb 24, 2026
Vendor: anyscale
Product: ray