Description
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher.
Published: 2026-02-21
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via unauthenticated deletes
Action: Update immediately
AI Analysis

Impact

Ray, an AI compute engine, has a notable vulnerability in its dashboard HTTP server. The server blocks browser‑origin POST and PUT requests but leaves DELETE unprotected, and the critical DELETE endpoints are unauthenticated out of the box. When a dashboard or agent instance is publicly reachable, an attacker can trigger these DELETE calls from a browser, causing the Serve component to shut down or removing jobs from the system without any user interaction.

Affected Systems

All Ray deployments that expose the dashboard host to 0.0.0.0 or otherwise allow network access and run version 2.53.0 or earlier are affected. The issue is corrected in Ray version 2.54.0 and higher, which implements authentication for delete endpoints and restricts access to the dashboard host.

Risk and Exploitability

The CVSS score of 5.9 marks this flaw as medium severity, while the EPSS score of less than 1 % indicates a low likelihood of exploitation at present. Attackers who can reach the dashboard—through DNS rebinding, same‑network exposure, or a publicly accessible host—can issue unauthenticated DELETE requests to shut down Serve or delete jobs, leading to a denial of service. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog.

Generated by OpenCVE AI on April 17, 2026 at 16:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ray to version 2.54.0 or newer, which adds authentication to the deleted endpoints and restricts dashboard exposure.
  • Configure the dashboard host to listen only on localhost or to a trusted internal subnet, preventing unauthenticated access from external networks.
  • Disable or remove the DELETE endpoints from the dashboard API if the upgrade cannot be applied immediately, acting as a temporary mitigation.

Generated by OpenCVE AI on April 17, 2026 at 16:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-q5fh-2hc8-f6rq Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
History

Thu, 26 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Feb 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Anyscale
Anyscale ray
CPEs cpe:2.3:a:anyscale:ray:*:*:*:*:*:*:*:*
Vendors & Products Anyscale
Anyscale ray

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Ray Project
Ray Project ray
Vendors & Products Ray Project
Ray Project ray

Sat, 21 Feb 2026 09:30:00 +0000

Type Values Removed Values Added
Description Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher.
Title Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Weaknesses CWE-396
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H'}

Subscriptions

Anyscale Ray
Ray Project Ray
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-24T18:52:03.874Z

Reserved: 2026-02-19T19:46:03.540Z

Link: CVE-2026-27482

cve-icon Vulnrichment

Updated: 2026-02-24T18:51:56.304Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-21T10:16:12.380

Modified: 2026-03-04T18:59:13.370

Link: CVE-2026-27482

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T17:00:10Z

Weaknesses