CVE-2026-32981

moderate-risk

Published 2026-03-17

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Ray

Affected Vendors

Anyscale

References (3)

Product https://github.com/ray-project/ray

Exploit https://packetstorm.news/files/id/215801/

Third Party Advisory https://www.vulncheck.com/advisories/ray-dashboard-path-traversal-leading-to-loc...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal