Vulnerability details: VCID-e8qj-xgec-nfb2
Vulnerability ID VCID-e8qj-xgec-nfb2
Aliases CVE-2026-41486
GHSA-mw35-8rx3-xf9r
Summary
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Ray Data registers custom Arrow extension types (`ray.data.arrow_tensor`, `ray.data.arrow_tensor_v2`, `ray.data.arrow_variable_shaped_tensor`) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls `__arrow_ext_deserialize__` on the field's metadata bytes. Ray's implementation passes these bytes directly to `cloudpickle.loads()`, which yields arbitrary code execution during schema parsing, before any row data is read.

In May 2024, Ray fixed a related vulnerability in `PyExtensionType`-based extension types ([issue #41314](https://github.com/ray-project/ray/issues/41314), [PR #45084](https://github.com/ray-project/ray/pull/45084)). In July 2025, [PR #54831](https://github.com/ray-project/ray/pull/54831) introduced `cloudpickle.loads()` into the replacement extension types' deserialization path, reintroducing the same class of vulnerability.

## Impact

- **Affected versions**: Ray 2.49.0 through 2.54.0 (latest release as of March 2026). The vulnerable `_deserialize_with_fallback` function with `cloudpickle.loads()` was introduced in commit `f6d21db1a4` ([PR #54831](https://github.com/ray-project/ray/pull/54831), July 2025) and first released in Ray 2.49.0.
- **Affected configurations**: Any process that uses Ray Data and reads Parquet files. The extension types are registered globally in PyArrow, so all Parquet reads in the process are affected, including `ray.data.read_parquet()`, `pyarrow.parquet.read_table()`, `pandas.read_parquet()`, etc.
- **Attacker prerequisites**: The attacker must place a crafted Parquet file where a Ray Data pipeline reads it. No authentication or cluster access is required. The Parquet file must contain a column with a `ray.data.arrow_tensor` (or v2, or variable-shaped) extension type name, which makes this a targeted attack against Ray Data users.
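As an added, defender-side illustration (not Ray's fix and not code from the advisory): an `__arrow_ext_deserialize__` hook that parses its metadata bytes with a strict JSON allow-list instead of `cloudpickle.loads()`, so a pickle payload carried in a Parquet field's metadata is rejected during schema parsing rather than executed. pyarrow is deliberately not imported; `SafeTensorType`, the JSON descriptor format and the dtype allow-list are assumptions made for this example.

```python
import json
import pickle

# Allow-listed element dtypes for this hypothetical tensor type (an assumption
# made for the example, not Ray's list).
ALLOWED_DTYPES = frozenset({"int8", "int16", "int32", "int64", "uint8",
                            "float32", "float64", "bool"})

class MetadataError(ValueError):
    """Extension metadata is not a well-formed, allow-listed descriptor."""

def parse_tensor_metadata(serialized: bytes) -> dict:
    """Parse the bytes PyArrow hands to __arrow_ext_deserialize__ without unpickling."""
    # Only a JSON object with exactly the keys "shape" and "dtype" is accepted, so
    # the metadata can describe a type but can never make the reader run code.
    if not isinstance(serialized, (bytes, bytearray)) or len(serialized) > 4096:
        raise MetadataError("metadata must be a short byte string")
    try:
        doc = json.loads(serialized.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        # A pickle stream (cloudpickle output starts with PROTO opcode 0x80) is not
        # UTF-8 JSON, so it lands here and is rejected, never executed.
        raise MetadataError(f"metadata is not JSON: {exc}") from None
    if not isinstance(doc, dict) or set(doc) != {"shape", "dtype"}:
        raise MetadataError("metadata must be an object with keys shape, dtype")
    shape, dtype = doc["shape"], doc["dtype"]
    if (not isinstance(shape, list) or len(shape) > 32 or not all(
            isinstance(d, int) and not isinstance(d, bool) and d >= 0 for d in shape)):
        raise MetadataError("shape must be a short list of non-negative ints")
    if dtype not in ALLOWED_DTYPES:
        raise MetadataError(f"dtype {dtype!r} is not allow-listed")
    return {"shape": tuple(shape), "dtype": dtype}

class SafeTensorType:
    """Stand-in for a pyarrow.ExtensionType subclass; mirrors the hook's signature."""
    def __init__(self, shape, dtype):
        self.shape, self.dtype = tuple(shape), dtype

    @classmethod
    def __arrow_ext_deserialize__(cls, storage_type, serialized: bytes):
        meta = parse_tensor_metadata(serialized)  # raises instead of unpickling
        return cls(meta["shape"], meta["dtype"])

def deserialize_or_none(serialized: bytes):
    # Triage helper: the reconstructed type, or None when the metadata is rejected.
    try:
        return SafeTensorType.__arrow_ext_deserialize__(None, serialized)
    except MetadataError:
        return None

# Constructed samples: a well-formed descriptor, and a harmless pickle of the same
# facts (the encoding the vulnerable cloudpickle path would have accepted).
GOOD_METADATA = b'{"shape": [3, 224, 224], "dtype": "float32"}'
PICKLED_METADATA = pickle.dumps({"shape": (3, 224, 224), "dtype": "float32"})
```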
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages
Weaknesses (4)
System Score Found at
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-41486
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-mw35-8rx3-xf9r
cvssv4 8.9 https://github.com/ray-project/ray
generic_textual HIGH https://github.com/ray-project/ray
cvssv4 8.9 https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
generic_textual HIGH https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
ssvc Track https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
cvssv4 8.9 https://github.com/ray-project/ray/pull/54831
generic_textual HIGH https://github.com/ray-project/ray/pull/54831
cvssv4 8.9 https://github.com/ray-project/ray/pull/62056
generic_textual HIGH https://github.com/ray-project/ray/pull/62056
ssvc Track https://github.com/ray-project/ray/pull/62056
cvssv4 8.9 https://github.com/ray-project/ray/releases/tag/ray-2.55.0
generic_textual HIGH https://github.com/ray-project/ray/releases/tag/ray-2.55.0
ssvc Track https://github.com/ray-project/ray/releases/tag/ray-2.55.0
cvssv3.1_qr HIGH https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
cvssv4 8.9 https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
generic_textual HIGH https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
ssvc Track https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
cvssv4 8.9 https://nvd.nist.gov/vuln/detail/CVE-2026-41486
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-41486
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://github.com/ray-project/ray
Attack Vector (AV): network
Attack Complexity (AC): low
Attack Requirements (AT): present
Privileges Required (PR): none
User Interaction (UI): active
Vulnerable System Impact Confidentiality (VC): high
Vulnerable System Impact Integrity (VI): high
Vulnerable System Impact Availability (VA): high
Subsequent System Impact Confidentiality (SC): high
Subsequent System Impact Integrity (SI): high
Subsequent System Impact Availability (SA): high

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:07:47Z/ Found at https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://github.com/ray-project/ray/pull/54831
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://github.com/ray-project/ray/pull/62056
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:07:47Z/ Found at https://github.com/ray-project/ray/pull/62056
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://github.com/ray-project/ray/releases/tag/ray-2.55.0
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:07:47Z/ Found at https://github.com/ray-project/ray/releases/tag/ray-2.55.0
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-12T02:07:47Z/ Found at https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-41486
Exploit Prediction Scoring System (EPSS)
Percentile 0.12869
EPSS Score 0.00041
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:53:11.639568+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-mw35-8rx3-xf9r/GHSA-mw35-8rx3-xf9r.json 38.6.0