GHSA-j3mh-qmjj-xp83HighCVSS 7.5

Ray Dashboard is vulnerable to path traversal through its static file handling mechanism

Published
March 17, 2026
Last Modified
June 9, 2026

🔗 CVE IDs covered (1)

📋 Description

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.

🎯 Affected products1

  • pip/ray:< 2.8.1

🔗 References (6)