Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls __arrow_ext_deserialize__ on the field's metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), achieving arbitrary code execution during schema parsing, before any row data is read. This issue has been patched in version 2.55.0.
References
| Link | Resource |
|---|---|
| https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f | Patch |
| https://github.com/ray-project/ray/pull/62056 | Issue Tracking Patch |
| https://github.com/ray-project/ray/releases/tag/ray-2.55.0 | Product Release Notes |
| https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r | Vendor Advisory |
Configurations
History
18 May 2026, 18:30
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:anyscale:ray:2.54.0:*:*:*:*:*:*:* | |
| First Time |
Anyscale ray
Anyscale |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | () https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f - Patch | |
| References | () https://github.com/ray-project/ray/pull/62056 - Issue Tracking, Patch | |
| References | () https://github.com/ray-project/ray/releases/tag/ray-2.55.0 - Product, Release Notes | |
| References | () https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r - Vendor Advisory |
08 May 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-08 22:16
Updated : 2026-05-18 18:30
NVD link : CVE-2026-41486
Mitre link : CVE-2026-41486
CVE.ORG link : CVE-2026-41486
JSON object : View
Products Affected
anyscale
- ray