CVE-2026-41486
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Ray is an AI compute engine. In versions 2.54.0 up to but not including 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls __arrow_ext_deserialize__ on the field's metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), so a crafted file yields arbitrary code execution during schema parsing, before any row data is read. This issue has been patched in version 2.55.0.
| CWE | CWE-94 CWE-502 |
| Vendor | ray-project |
| Product | ray |
| Published | May 8, 2026 |
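As an added illustration (not Ray's code and not the fix shipped in 2.55.0), the following is a metadata codec for a hypothetical PyArrow extension type that parses the field's metadata bytes as strictly validated JSON instead of handing them to cloudpickle.loads(); the SafeTensorType class, its name and its shape/dtype fields are assumptions. The pyarrow hook is only defined when pyarrow is installed; the codec functions run on their own.

```python
import json

# Constructed allow-list for the hypothetical tensor type; not Ray's own list.
ALLOWED_DTYPES = frozenset({"bool", "int8", "int16", "int32", "int64", "uint8",
                            "float16", "float32", "float64"})
MAX_NDIM, MAX_METADATA_BYTES = 32, 4096  # bound what a hostile schema may request

def serialize_tensor_metadata(shape, dtype):
    """Emit plain JSON: data only, no references to Python objects."""
    return json.dumps({"shape": list(shape), "dtype": dtype}).encode("utf-8")

def deserialize_tensor_metadata(serialized):
    """Parse metadata from an untrusted file, checking every field. json.loads
    yields only dicts/lists/scalars, so unlike cloudpickle.loads() it cannot
    instantiate classes or run code while the schema is being parsed."""
    if not isinstance(serialized, (bytes, bytearray)):
        raise TypeError("metadata must be bytes")
    if len(serialized) > MAX_METADATA_BYTES:
        raise ValueError("metadata too large")
    try:
        doc = json.loads(bytes(serialized).decode("utf-8"))
    except ValueError as exc:  # covers UnicodeDecodeError and JSONDecodeError
        raise ValueError(f"metadata is not valid JSON: {exc}") from None
    if not isinstance(doc, dict) or set(doc) != {"shape", "dtype"}:
        raise ValueError("metadata must hold exactly 'shape' and 'dtype'")
    shape, dtype = doc["shape"], doc["dtype"]
    if (not isinstance(shape, list) or len(shape) > MAX_NDIM
            or not all(type(d) is int and d >= 0 for d in shape)):
        raise ValueError("shape must be a list of non-negative integers")
    if dtype not in ALLOWED_DTYPES:
        raise ValueError(f"unsupported dtype {dtype!r}")
    return {"shape": tuple(shape), "dtype": dtype}

def is_safe_metadata(serialized):
    """True when the bytes parse under the strict codec, False otherwise."""
    try:
        deserialize_tensor_metadata(serialized)
        return True
    except (TypeError, ValueError):
        return False

try:  # the PyArrow hook itself; skipped when pyarrow is not installed
    import pyarrow as pa

    class SafeTensorType(pa.ExtensionType):  # hypothetical type, not Ray's
        def __init__(self, shape, dtype):
            self.shape, self.dtype = tuple(shape), dtype
            super().__init__(pa.list_(pa.type_for_alias(dtype)), "example.safe_tensor")

        def __arrow_ext_serialize__(self):
            return serialize_tensor_metadata(self.shape, self.dtype)

        @classmethod
        def __arrow_ext_deserialize__(cls, storage_type, serialized):
            meta = deserialize_tensor_metadata(serialized)  # untrusted bytes
            return cls(meta["shape"], meta["dtype"])
except ImportError:
    pa = None
```

Because a registered extension type's deserializer runs for any Parquet file whose schema names it, the metadata must be treated as attacker-controlled input regardless of where the file came from.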
Affected Versions
ray-project / ray
>= 2.54.0, < 2.55.0
References
github.com: https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
github.com: https://github.com/ray-project/ray/pull/62056
github.com: https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
github.com: https://github.com/ray-project/ray/releases/tag/ray-2.55.0