Vulnerability details: VCID-wjjq-cmu6-sqbb
Vulnerability ID VCID-wjjq-cmu6-sqbb
Aliases CVE-2023-48022
GHSA-6wgj-66m2-xxp2
Summary Ray has arbitrary code execution via jobs submission API. Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
epss 0.92192 https://api.first.org/data/v1/epss?cve=CVE-2023-48022
cvssv3.1 9.8 https://atlas.mitre.org/studies/AML.CS0023
generic_textual CRITICAL https://atlas.mitre.org/studies/AML.CS0023
ssvc Track* https://atlas.mitre.org/studies/AML.CS0023
cvssv3.1 9.8 https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
generic_textual CRITICAL https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
ssvc Track* https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
cvssv3.1 9.8 https://console.vulncheck.com/cve/CVE-2023-48022
generic_textual CRITICAL https://console.vulncheck.com/cve/CVE-2023-48022
cvssv3.1 9.8 https://docs.ray.io/en/latest/ray-security/index.html
generic_textual CRITICAL https://docs.ray.io/en/latest/ray-security/index.html
ssvc Track* https://docs.ray.io/en/latest/ray-security/index.html
cvssv3.1 9.8 https://docs.ray.io/en/latest/ray-security/token-auth.html
generic_textual CRITICAL https://docs.ray.io/en/latest/ray-security/token-auth.html
ssvc Track* https://docs.ray.io/en/latest/ray-security/token-auth.html
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-6wgj-66m2-xxp2
cvssv3.1 9.8 https://github.com/advisories/GHSA-xg2h-7cxj-3gvh
generic_textual CRITICAL https://github.com/advisories/GHSA-xg2h-7cxj-3gvh
cvssv3.1 9.8 https://github.com/honysyang/Ray
generic_textual CRITICAL https://github.com/honysyang/Ray
cvssv3.1 9.8 https://github.com/ray-project/ray
generic_textual CRITICAL https://github.com/ray-project/ray
cvssv3.1 9.8 https://github.com/ray-project/ray/commit/978947083b1e192dba61ef653c863b11d56b0936
generic_textual CRITICAL https://github.com/ray-project/ray/commit/978947083b1e192dba61ef653c863b11d56b0936
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-48022
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2023-48022
cvssv3.1 9.8 https://www.anyscale.com/blog/update-on-ray-cve-2023-48022-new-verification-tooling-available
generic_textual CRITICAL https://www.anyscale.com/blog/update-on-ray-cve-2023-48022-new-verification-tooling-available
cvssv3.1 9.8 https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
generic_textual CRITICAL https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
cvssv3.1 9.8 https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
generic_textual CRITICAL https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
ssvc Track* https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
cvssv3.1 9.8 https://www.vicarius.io/vsociety/posts/the-story-of-shadowray-cve-2023-48022
generic_textual CRITICAL https://www.vicarius.io/vsociety/posts/the-story-of-shadowray-cve-2023-48022
cvssv3.1 9.8 https://www.vulncheck.com/blog/initial-access-intelligence-august-2024
generic_textual CRITICAL https://www.vulncheck.com/blog/initial-access-intelligence-august-2024
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48022.json
https://api.first.org/data/v1/epss?cve=CVE-2023-48022
https://atlas.mitre.org/studies/AML.CS0023
https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
https://docs.ray.io/en/latest/ray-security/index.html
https://docs.ray.io/en/latest/ray-security/token-auth.html
https://github.com/honysyang/Ray
https://github.com/ray-project/ray
https://github.com/ray-project/ray/commit/978947083b1e192dba61ef653c863b11d56b0936
https://www.anyscale.com/blog/update-on-ray-cve-2023-48022-new-verification-tooling-available
https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
https://www.vicarius.io/vsociety/posts/the-story-of-shadowray-cve-2023-48022
https://www.vulncheck.com/blog/initial-access-intelligence-august-2024
2387122 https://bugzilla.redhat.com/show_bug.cgi?id=2387122
CVE-2023-48022 https://console.vulncheck.com/cve/CVE-2023-48022
CVE-2023-48022 https://nvd.nist.gov/vuln/detail/CVE-2023-48022
GHSA-6wgj-66m2-xxp2 https://github.com/advisories/GHSA-6wgj-66m2-xxp2
GHSA-xg2h-7cxj-3gvh https://github.com/advisories/GHSA-xg2h-7cxj-3gvh
RHSA-2025:23078 https://access.redhat.com/errata/RHSA-2025:23078
RHSA-2025:23079 https://access.redhat.com/errata/RHSA-2025:23079
RHSA-2025:23080 https://access.redhat.com/errata/RHSA-2025:23080
RHSA-2026:3461 https://access.redhat.com/errata/RHSA-2026:3461
Data source Metasploit
Description RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication.
Note
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date Nov. 15, 2023
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/ray_agent_job_rce.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://atlas.mitre.org/studies/AML.CS0023
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-03-29T04:00:12Z/ Found at https://atlas.mitre.org/studies/AML.CS0023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-03-29T04:00:12Z/ Found at https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://console.vulncheck.com/cve/CVE-2023-48022
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://docs.ray.io/en/latest/ray-security/index.html
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-03-29T04:00:12Z/ Found at https://docs.ray.io/en/latest/ray-security/index.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://docs.ray.io/en/latest/ray-security/token-auth.html
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-03-29T04:00:12Z/ Found at https://docs.ray.io/en/latest/ray-security/token-auth.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-xg2h-7cxj-3gvh
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/honysyang/Ray
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ray-project/ray
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ray-project/ray/commit/978947083b1e192dba61ef653c863b11d56b0936
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-48022
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.anyscale.com/blog/update-on-ray-cve-2023-48022-new-verification-tooling-available
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-03-29T04:00:12Z/ Found at https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/the-story-of-shadowray-cve-2023-48022
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.vulncheck.com/blog/initial-access-intelligence-august-2024
Exploit Prediction Scoring System (EPSS)
Percentile 0.99729
EPSS Score 0.92192
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:46:26.616118+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2023-48022.yml 38.6.0