PT-2026-25933 · Anyscale · Ray

Indoushka · Published 2026-03-17 · Updated 2026-03-18 · CVE-2026-32981

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Ray versions prior to 2.8.1

Description
A path traversal issue exists in Ray Dashboard (default port 8265). Insufficient validation and sanitization of user-supplied paths within the static file handling mechanism allows an attacker to use traversal sequences (e.g., ../) to access files outside the intended static directory, leading to local file disclosure. The vulnerable component is the static file handling mechanism. The API endpoint is not explicitly mentioned. The vulnerable parameter is the user-supplied path.

Recommendations
Update to Ray version 2.8.1 or later.
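
The containment check that the description says was missing, as an added example (not Ray's code and not the upstream fix): a static-file resolver that joins the request path without validation, next to one that resolves the path and refuses anything outside the static directory. The function names, directory layout and sample request paths are constructed for illustration.

```python
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def resolve_naive(static_root: Path, user_path: str) -> Path:
    """Unsafe pattern: join the request path to the root with no containment check."""
    return static_root / unquote(user_path).lstrip("/")


def resolve_contained(static_root: Path, user_path: str) -> Optional[Path]:
    """Return the file to serve, or None if the request leaves static_root."""
    root = static_root.resolve()
    decoded = unquote(user_path)
    if "\x00" in decoded:
        return None
    # lstrip("/") keeps an absolute request path from replacing the root in the join.
    candidate = (root / decoded.lstrip("/")).resolve()
    # resolve() collapses ".." and follows symlinks, so the check is on the real location.
    if candidate != root and root not in candidate.parents:
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Run both resolvers over constructed request paths in a temporary tree."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        static_root = base / "static"
        static_root.mkdir()
        (static_root / "index.html").write_text("ok")
        (base / "secret.txt").write_text("outside the static directory")
        requests = ["index.html", "/index.html", "../secret.txt", "%2e%2e/secret.txt"]
        results = {}
        for req in requests:
            naive = resolve_naive(static_root, req).resolve()
            safe = resolve_contained(static_root, req)
            results[req] = {
                "naive_escapes": static_root not in naive.parents,
                "contained_serves": safe is not None,
            }
        return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r}: {outcome}")
```

The same check is useful as a regression test after upgrading: any request that resolves outside the static directory must return no file.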

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2026-32981
GHSA-J3MH-QMJJ-XP83
PYSEC-2026-130

Affected products

Ray