What is CVE-2026-27482?

### Summary Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. ### Details - Middleware: python/ray/dashboard/http_server_head.py#get_browsers_no_post_put_middleware only checks POST/PUT via is_browser_request (UA/Origin/Sec-Fetch heuristics). DELETE is not gated. - Endpoints lacking browser protection/auth by default: - python/ray/dashboard/modules/serve/serve_head.py: @routes.delete("/api/serve/applications/") calls serve.shutdown(). - python/ray/dashboard/modules/job/job_head.py: @routes.delete("/api/jobs/{job_or_submission_id}"). - python/ray/dashboard/modules/job/job_agent.py: @routes.delete("/api/job_agent/jobs/{job_or_submission_id}") (not wrapped with deny_browser_requests either). - Dashboard token auth is optional and off by default; binding to 0.0.0.0 is common for remote access. ### PoC Prereqs: dashboard reachable (e.g., ray start --head --dashboard-host=0.0.0.0), no token auth. 1. Start Serve (or have jobs present). 2. From any browser-reachable origin (DNS rebinding or same-LAN page), issue a DELETE fetch: ``` fetch("http:// :8265/api/serve/applications/", { method: "DELETE", headers: { "User-Agent": "Mozilla/5.0" } // browsers set this automatically }); ``` Result: Serve shuts down. 3) Similarly, delete jobs: ` fetch("http:// :8265/api/jobs/ ", { method: "DELETE" });` ` fetch("http:// :52365/api/job_agent/jobs/ ", { method: "DELETE" });` Browsers will send the Mozilla UA and Origin/Sec-Fetch headers, but DELETE is not blocked by the middleware, so the requests succeed. ### Impact - Availability loss: Serve shutdown; job deletion. Triggerable via drive-by browser requests if the dashboard/agent ports are reachable and auth is disabled (default). - No code execution from this vector, but breaks isolation/trust assumptions for “developer-only” endpoints. ### Fix The fix for this vulnerability is to update to Ray 2.54.0 or higher. Fix PR: https://github.com/ray-project/ray/pull/60526

What is the severity of CVE-2026-27482?

CVE-2026-27482 has a CVSS v3 score of 6.5, which is classified as Medium severity.

Is there an exploit available for CVE-2026-27482?

No known public exploits are currently available for CVE-2026-27482.

Is there a patch available for CVE-2026-27482?

Yes, patches are available for CVE-2026-27482. Check the vendor advisories for update instructions.

CVE-2026-27482 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v36.5

CVSS v20.0

Priority Score344.0

EPSS Score0.0

Medium

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

6.5

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Summary

Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact.

Details

Middleware: python/ray/dashboard/http_server_head.py#get_browsers_no_post_put_middleware only checks POST/PUT via is_browser_request (UA/Origin/Sec-Fetch heuristics). DELETE is not gated.
Endpoints lacking browser protection/auth by default:
- python/ray/dashboard/modules/serve/serve_head.py: @routes.delete("/api/serve/applications/") calls serve.shutdown().
- python/ray/dashboard/modules/job/job_head.py: @routes.delete("/api/jobs/{job_or_submission_id}").
- python/ray/dashboard/modules/job/job_agent.py: @routes.delete("/api/job_agent/jobs/{job_or_submission_id}") (not wrapped with deny_browser_requests either).
Dashboard token auth is optional and off by default; binding to 0.0.0.0 is common for remote access.

PoC

Prereqs: dashboard reachable (e.g., ray start --head --dashboard-host=0.0.0.0), no token auth.

Start Serve (or have jobs present).
From any browser-reachable origin (DNS rebinding or same-LAN page), issue a DELETE fetch:

fetch("http://<dashboard-host>:8265/api/serve/applications/", {
    method: "DELETE",
    headers: { "User-Agent": "Mozilla/5.0" }  // browsers set this automatically
  });

Result: Serve shuts down. 3) Similarly, delete jobs:

fetch("http://<dashboard-host>:8265/api/jobs/<job_or_submission_id>", { method: "DELETE" }); fetch("http://<dashboard-agent>:52365/api/job_agent/jobs/<job_or_submission_id>", { method: "DELETE" });

Browsers will send the Mozilla UA and Origin/Sec-Fetch headers, but DELETE is not blocked by the middleware, so the requests succeed.

Impact

Availability loss: Serve shutdown; job deletion. Triggerable via drive-by browser requests if the dashboard/agent ports are reachable and auth is disabled (default).

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:High

Privileges Required:Network

User Interaction:Network

Scope:Unchanged

Confidentiality:Network

Integrity:Local

Availability:High

Patch References

Github.com Github.com Security [email protected]

Ready for Agentic Automated Testing?

CVE-2026-27482

Summary

Details

PoC

Impact

Fix