CVE-2026-41486
Severity HIGH · CVSS 4.0 base score 8.9 · EPSS 37.4%
Published May 8, 2026 · Modified Jun 17, 2026
Description
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. When PyArrow reads a Parquet file whose schema contains one of these extension types, it calls the type's __arrow_ext_deserialize__ hook on the field's metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), so a crafted file achieves arbitrary code execution during schema parsing, before any row data is read. Because the registration is global, the trigger is any PyArrow Parquet read performed in a process where Ray Data has registered the types, not only reads that go through Ray's own dataset API; no row content or valid tensor data is needed beyond a schema that names the extension type. This issue has been patched in version 2.55.0.
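The deserialization path described above, as an added example that is not Ray's code or its patch: the Arrow extension hook is modelled with the standard-library pickle module in place of cloudpickle and without PyArrow, so it runs offline. The class names, the environment-variable marker the gadget sets, the JSON metadata layout of the hardened variant and the pickletools opcode scanner are assumptions for illustration; the scanner is a triage aid for files already in storage and is not part of the fix.

```python
"""Added example for CVE-2026-41486 (not Ray's code or patch): the
metadata-to-pickle path the advisory describes, modelled with stdlib pickle
in place of cloudpickle and without PyArrow so it runs offline.  Names, the
JSON layout of the hardened variant and the scanner are illustrative."""
import json
import os
import pickle
import pickletools

# Constructed side-effect sink: the gadget sets this variable instead of
# running a shell command, so the demo proves code ran without harming anything.
MARKER = "CVE_2026_41486_DEMO"


class Gadget:
    """Pickle gadget: unpickling calls exec(...) via __reduce__.
    A real payload would name os.system or similar instead."""
    def __reduce__(self):
        return (exec, ("import os; os.environ[%r] = 'pwned'" % MARKER,))


def malicious_field_metadata():
    # Stand-in for the extension metadata bytes stored in a crafted Parquet field.
    return pickle.dumps(Gadget())


def benign_field_metadata():
    # What a legitimately written tensor column's pickled metadata might carry.
    return pickle.dumps({"dtype": "float32", "shape": (3, 3)})


class VulnerableTensorType:
    """Mirrors the vulnerable pattern: the hook PyArrow invokes while parsing the
    schema feeds the field's metadata bytes straight into a pickle loader."""
    def __init__(self, params):
        self.params = params

    @classmethod
    def __arrow_ext_deserialize__(cls, storage_type, serialized):
        params = pickle.loads(serialized)  # arbitrary code runs here, before any row is read
        return cls(params)


class HardenedTensorType:
    """Hardened variant (illustrative): metadata is a small JSON document that is
    parsed with json and validated field by field; no pickle anywhere in the path."""
    ALLOWED_DTYPES = {"bool", "uint8", "int32", "int64", "float32", "float64"}

    def __init__(self, params):
        self.params = params

    @classmethod
    def __arrow_ext_deserialize__(cls, storage_type, serialized):
        try:
            params = json.loads(serialized.decode("utf-8"))
        except (UnicodeDecodeError, ValueError) as exc:
            raise ValueError("extension metadata is not valid JSON") from exc
        if not isinstance(params, dict) or set(params) != {"dtype", "shape"}:
            raise ValueError("unexpected metadata keys")
        if params["dtype"] not in cls.ALLOWED_DTYPES:
            raise ValueError("unsupported dtype %r" % (params["dtype"],))
        shape = params["shape"]
        if not isinstance(shape, list) or not all(
            isinstance(d, int) and not isinstance(d, bool) and d >= 0 for d in shape
        ):
            raise ValueError("shape must be a list of non-negative integers")
        return cls({"dtype": params["dtype"], "shape": tuple(shape)})


# Opcodes that let a pickle stream import a name or call something.  A pickled
# metadata blob that never imports or calls anything cannot execute code when
# loaded, which makes this a cheap triage filter for files already in storage.
_CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def metadata_is_suspicious(serialized):
    """Return True if the pickle stream contains any import or call opcode."""
    try:
        return any(op.name in _CODE_OPCODES for op, _, _ in pickletools.genops(serialized))
    except Exception:
        return True  # unparseable stream: treat as hostile


def demo():
    """Run both implementations against the constructed payload."""
    os.environ.pop(MARKER, None)
    bad, good = malicious_field_metadata(), benign_field_metadata()
    out = {"scanner_flags_malicious": metadata_is_suspicious(bad),
           "scanner_flags_benign": metadata_is_suspicious(good)}
    VulnerableTensorType.__arrow_ext_deserialize__(None, bad)
    out["executed_on_vulnerable"] = os.environ.pop(MARKER, None) == "pwned"
    try:
        HardenedTensorType.__arrow_ext_deserialize__(None, bad)
        out["hardened_rejected"] = False
    except ValueError:
        out["hardened_rejected"] = True
    out["executed_on_hardened"] = os.environ.pop(MARKER, None) == "pwned"
    ok = HardenedTensorType.__arrow_ext_deserialize__(None, b'{"dtype": "float32", "shape": [3, 3]}')
    out["hardened_params"] = ok.params
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-26s %r" % (key, value))
```

The point the demo makes is that the vulnerable hook executes the payload as a side effect of reading the schema, with no tensor data involved, while the hardened hook rejects the same bytes because they are not the narrow, non-executable metadata format it expects.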
CVSS Details
Base Score 8.9 (CVSS 4.0)
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network (AV:N)
Attack Complexity Low (AC:L)
Attack Requirements Present (AT:P)
Privileges Required None (PR:N)
User Interaction Active (UI:A): a user or job must read the crafted Parquet file
Vulnerable System Impact High for confidentiality, integrity and availability (VC:H/VI:H/VA:H)
Subsequent System Impact High for confidentiality, integrity and availability (SC:H/SI:H/SA:H)
Threat Intelligence
EPSS exploit probability 37.4% (estimated probability of exploitation activity within the next 30 days)
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses (2)
- CWE-502 Deserialization of Untrusted Data
- CWE-94 Improper Control of Generation of Code (Code Injection)
Affected Products (1)
| Vendor | Product | Affected versions | Fixed in |
|---|---|---|---|
| anyscale | ray | 2.54.0 ≤ version < 2.55.0 | 2.55.0 |
References 4
- github.com https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
- github.com https://github.com/ray-project/ray/pull/62056
- github.com https://github.com/ray-project/ray/releases/tag/ray-2.55.0
- github.com https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
Remediation
Upgrade Ray to 2.55.0 or later. The fix is the commit and pull request below; until it is deployed, treat any Parquet file from an untrusted source as executable input on hosts where Ray Data is imported.
- github.com https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
- github.com https://github.com/ray-project/ray/pull/62056