Impact Analysis

This vulnerability can lead to denial-of-service (DoS) impacts by allowing attackers to remotely shut down Ray Serve or delete running jobs without authentication or user interaction.

• Availability loss due to Serve shutdown.
• Loss of running jobs caused by unauthorized DELETE requests.

There is no impact on confidentiality or code execution, but the integrity impact is low and availability impact is high. The vulnerability breaks trust assumptions for developer-only endpoints by allowing unauthenticated destructive actions.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27482 is a moderate severity vulnerability in Ray's dashboard HTTP server versions 2.53.0 and below. The vulnerability arises because while the server blocks browser-origin POST and PUT requests, it does not block DELETE requests. Key DELETE endpoints are unauthenticated by default, allowing an attacker who can reach the dashboard (e.g., if it is bound to 0.0.0.0) to issue DELETE requests from a browser via DNS rebinding or same-network access without user interaction."}, {'type': 'paragraph', 'content': 'This allows attackers to shut down Ray Serve or delete jobs, causing denial-of-service (availability) impacts. The root cause is missing authentication and insufficient HTTP method restrictions on DELETE endpoints. The fix involves upgrading to Ray version 2.54.0 or higher, where a whitelist middleware restricts browser-origin requests to safe HTTP methods only (GET, HEAD, OPTIONS), blocking DELETE and other mutating methods.'}] [1, 3, 4]

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthenticated DELETE HTTP requests to the Ray dashboard or job agent endpoints, especially those originating from browser contexts or within the same network. Key vulnerable endpoints include `/api/serve/applications/` (which triggers serve.shutdown()), `/api/jobs/{job_or_submission_id}`, and `/api/job_agent/jobs/{job_or_submission_id}`.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts, you can capture and analyze HTTP traffic targeting these endpoints, looking specifically for DELETE requests without authentication tokens.'}, {'type': 'paragraph', 'content': 'Example commands to detect such requests might include using network traffic capture tools like tcpdump or tshark with filters for DELETE methods to the relevant ports (default dashboard port) or using curl commands to test if DELETE requests are accepted without authentication.'}, {'type': 'list_item', 'content': "Using tcpdump to capture DELETE requests on port 8265 (default Ray dashboard port): tcpdump -i any -A 'tcp port 8265 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'DELETE'"}, {'type': 'list_item', 'content': 'Using curl to test DELETE request acceptance without authentication: curl -X DELETE http://<dashboard-host>:8265/api/serve/applications/ -v'}, {'type': 'list_item', 'content': 'Using browser developer tools or scripts to issue DELETE requests to the vulnerable endpoints and observe if they succeed without authentication.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

The primary and recommended mitigation is to upgrade Ray to version 2.54.0 or higher, where this vulnerability is fixed by enforcing a whitelist of allowed HTTP methods for browser-originated requests, blocking DELETE and other mutating methods.

If immediate upgrade is not possible, consider restricting network access to the Ray dashboard and job agent services by binding the dashboard to localhost or a trusted interface instead of 0.0.0.0, thereby preventing remote or same-network unauthorized access.

Additionally, enable dashboard token authentication if available, to require authentication for sensitive endpoints.

Implement network-level controls such as firewall rules to block DELETE HTTP requests or restrict access to the dashboard ports.

Useful 0 Not Useful 0