CVE-2026-27482

{"id": "CVE-2026-27482", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "published": "2026-02-21T10:16:12.380", "references": [{"url": "https://github.com/ray-project/ray/commit/0fda8b824cdc9dc6edd763bb28dfd7d1cc9b02a4", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ray-project/ray/pull/60526", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ray-project/ray/releases/tag/ray-2.54.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ray-project/ray/security/advisories/GHSA-q5fh-2hc8-f6rq", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-396"}]}], "descriptions": [{"lang": "en", "value": "Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher."}, {"lang": "es", "value": "Ray es un motor de c\u00f3mputo de IA. En las versiones 2.53.0 e inferiores, el servidor HTTP del panel de control bloquea POST/PUT de origen de navegador pero no cubre DELETE, y los endpoints DELETE clave no est\u00e1n autenticados por defecto. Si el panel de control/agente es accesible (p. ej., --dashboard-host=0.0.0.0), una p\u00e1gina web a trav\u00e9s de la reconfiguraci\u00f3n de DNS o el acceso a la misma red puede emitir solicitudes DELETE que apagan Serve o eliminan trabajos sin interacci\u00f3n del usuario. Esto supone un impacto en la disponibilidad de tipo drive-by. La soluci\u00f3n para esta vulnerabilidad es actualizar a Ray 2.54.0 o superior."}], "lastModified": "2026-03-04T18:59:13.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anyscale:ray:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63751A45-3056-49B1-A840-35B9E6782CD1", "versionEndExcluding": "2.54.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}