CVE-2026-32981
Received Received - Intake
Path Traversal in Ray Dashboard Allows Local File Disclosure

Publication date: 2026-03-17

Last updated on: 2026-03-19

Assigner: VulnCheck

Description
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-17
Last Modified
2026-03-19
Generated
2026-05-07
AI Q&A
2026-03-17
EPSS Evaluated
2026-05-05
NVD
CVE-2026-32981
EUVD
EUVD-2026-12635
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anyscale ray to 2.8.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'CVE-2026-32981 is a path traversal vulnerability found in Ray Dashboard versions prior to 2.8.1. It occurs because the software does not properly validate or sanitize user-supplied file paths in its static file handling mechanism. This flaw allows an attacker to use traversal sequences like "../" to navigate outside the intended static directory and access local files that should be protected.'}] [2]


How can this vulnerability impact me? :

This vulnerability can lead to local file disclosure, meaning an attacker can remotely access sensitive files on the system running the Ray Dashboard without any authentication or user interaction. The impact is primarily on confidentiality, as sensitive information stored in files outside the intended directory can be exposed.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade Ray Dashboard to version 2.8.1 or later, as the issue is fixed in these versions.

Additionally, consider restricting access to the Ray Dashboard service (default port 8265) to trusted networks or users to reduce exposure.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart