CVE-2026-32981

描述

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.

受影響套件(1)

• PyPI/rayfrom 0, < 2.8.1

CVSS 分數

參考連結(3)

• ADVISORYhttps://www.vulncheck.com/advisories/ray-dashboard-path-traversal-leading-to-local-file-disclosure
• EXPLOIThttps://packetstorm.news/files/id/215801/
• PATCHhttps://github.com/ray-project/ray