PT-2026-37117 · Anyscale · Ray
Shakevsky · Published 2026-04-24 · Updated 2026-05-09
CVE-2026-41486 · CVSS v4.0 8.9 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Ray versions 2.49.0 through 2.54.0

Description: Ray Data registers custom Arrow extension types (`ray.data.arrow_tensor`, `ray.data.arrow_tensor_v2` and `ray.data.arrow_variable_shaped_tensor`) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it invokes the type's `__arrow_ext_deserialize__` function on the metadata bytes of the field. The implementation passes these bytes directly to `cloudpickle.loads()`, which allows arbitrary code execution during schema parsing, before any row data is processed. This affects any process that has Ray Data loaded and reads Parquet files, whether through `ray.data.read_parquet()`, `pyarrow.parquet.read_table()` or `pandas.read_parquet()`. An attacker can exploit this by providing a crafted Parquet file containing a column with one of the affected extension type names.

Recommendations: Update Ray to version 2.55.0.
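The following is an added illustration, not code from the advisory or from the Ray project: it places the vulnerable hook pattern next to a data-only replacement for the extension metadata, and adds a pre-read check that flags fields carrying the affected extension type names from a file's schema metadata. The JSON metadata format, the dtype allowlist and the sample fields are assumptions constructed for this example; the check must run in a process that has not imported Ray, so that no registered deserializer fires while the schema is inspected.

```python
import json
import pickle
from typing import Dict, List, Tuple

# Extension type names the advisory lists as registered globally by Ray Data.
AFFECTED_EXTENSION_NAMES = {
    "ray.data.arrow_tensor",
    "ray.data.arrow_tensor_v2",
    "ray.data.arrow_variable_shaped_tensor",
}
# Assumed allowlist for the hardened format below (illustrative, not Ray's own).
ALLOWED_DTYPES = {"bool", "int8", "int16", "int32", "int64", "uint8", "float32", "float64"}


def vulnerable_deserialize(serialized: bytes):
    """The pattern the advisory describes: file-controlled metadata bytes go straight
    to a pickle loader (cloudpickle.loads in Ray), so code runs during schema parsing."""
    return pickle.loads(serialized)


def safe_deserialize(serialized: bytes) -> Dict[str, object]:
    """Hardened pattern: a data-only JSON document validated field by field.
    Nothing here can execute code; a pickle stream is rejected as non-JSON."""
    try:
        meta = json.loads(serialized.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("extension metadata is not a JSON document") from exc
    if not isinstance(meta, dict) or set(meta) != {"dtype", "shape"}:
        raise ValueError("extension metadata has unexpected keys")
    if meta["dtype"] not in ALLOWED_DTYPES:
        raise ValueError("dtype not in allowlist")
    shape = meta["shape"]
    if not (isinstance(shape, list) and all(isinstance(d, int) and d >= 0 for d in shape)):
        raise ValueError("shape must be a list of non-negative ints")
    return {"dtype": meta["dtype"], "shape": tuple(shape)}


def flag_affected_fields(fields: List[Tuple[str, Dict[bytes, bytes]]]) -> List[str]:
    """Pre-read check over (field name, field.metadata) pairs as PyArrow exposes them
    when the extension type is not registered (e.g. from pyarrow.parquet.read_schema
    in a process without ray imported). Returns fields carrying an affected type name."""
    hits = []
    for name, metadata in fields:
        ext = (metadata or {}).get(b"ARROW:extension:name", b"").decode("utf-8", "replace")
        if ext in AFFECTED_EXTENSION_NAMES:
            hits.append(name)
    return hits


# Constructed sample standing in for a Parquet file's schema metadata (benign pickled tuple).
SAMPLE_PICKLED_METADATA = pickle.dumps(("float32", (3, 4)))
SAMPLE_FIELDS = [
    ("id", {}),
    ("image", {b"ARROW:extension:name": b"ray.data.arrow_tensor",
               b"ARROW:extension:metadata": SAMPLE_PICKLED_METADATA}),
]
```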

Weakness Enumeration: Code Injection; Deserialization of Untrusted Data

Related Identifiers: CVE-2026-41486, ECHO-E817-9967-6723, GHSA-MW35-8RX3-XF9R

Affected Products: Ray