CVE-2026-41486
HIGH
8,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
AI Translation Available
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls __arrow_ext_deserialize__ on the field's metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), achieving arbitrary code execution during schema parsing, before any row data is read. This issue has been patched in version 2.55.0.
94
Improper Control of Generation of Code ('Code Injection')
DraftCommon Consequences
Security Scopes Affected:
Access Control
Integrity
Confidentiality
Availability
Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Hide Activities
Applicable Platforms
Languages:
Interpreted
Technologies:
AI/ML
502
Deserialization of Untrusted Data
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Other
Potential Impacts:
Modify Application Data
Unexpected State
Dos: Resource Consumption (Cpu)
Varies By Context
Applicable Platforms
Languages:
Java, JavaScript, PHP, Python, Ruby
Technologies:
AI/ML, ICS/OT, Not Technology-Specific
https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d3045…
https://github.com/ray-project/ray/pull/62056
https://github.com/ray-project/ray/releases/tag/ray-2.55.0
https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r