GHSA-q5fh-2hc8-f6rq: Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Summary
Ray's dashboard HTTP server (a web interface for monitoring Ray clusters) doesn't block DELETE requests from browsers, even though it blocks POST and PUT requests. This allows someone on the same network or using DNS rebinding (tricking a domain to point to a local address) to shut down Serve (Ray's serving system) or delete jobs without authentication, since token-based auth is disabled by default. The attack requires no user interaction beyond visiting a malicious webpage.
Solution / Mitigation
Update to Ray 2.54.0 or higher. Fix PR: https://github.com/ray-project/ray/pull/60526
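As an added illustration (not Ray's own code and not the fix in the PR above), the shape of a browser-request guard for a local dashboard, assuming the common technique of comparing the browser-supplied Origin/Referer and Host headers against the hosts the dashboard expects to be reached on; the sample headers and the port are constructed. It shows how a protected-method set of only POST and PUT leaves DELETE endpoints reachable from a foreign page, and how adding DELETE (and PATCH) closes that gap.

```python
# Illustrative guard, not Ray's implementation. Assumes the dashboard is only
# legitimately addressed as localhost/127.0.0.1 (constructed allowlist).
from dataclasses import dataclass
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"localhost", "127.0.0.1"}


def _host_only(value: str) -> str:
    """Strip a :port suffix from a Host header value such as 'localhost:8265'."""
    return value.rsplit(":", 1)[0] if ":" in value else value


@dataclass(frozen=True)
class BrowserGuard:
    # Methods on which requests that look like they come from a web page are
    # rejected. This default mirrors the defective shape described in the
    # advisory: POST and PUT are covered, DELETE is not.
    protected_methods: frozenset = frozenset({"POST", "PUT"})

    def allows(self, method: str, headers: dict) -> bool:
        """Return True if the request may proceed to the endpoint handler.

        Browsers attach Origin (or at least Referer) to cross-site requests;
        CLI and SDK clients normally send neither, so a missing Origin is
        treated as a non-browser client. Host is validated against the
        allowlist so a DNS-rebound name (attacker.example -> 127.0.0.1) is
        rejected even when Origin and Host agree with each other.
        """
        host = _host_only(headers.get("Host", ""))
        if host not in ALLOWED_HOSTS:
            return False  # DNS rebinding: Host carries the attacker's name
        if method.upper() not in self.protected_methods:
            return True  # unprotected method: passes regardless of Origin
        origin = headers.get("Origin") or headers.get("Referer")
        if origin is None:
            return True  # no browser-style headers: treat as a local client
        return (urlsplit(origin).hostname or "") in ALLOWED_HOSTS


# Defective and corrected configurations, side by side.
WEAK_GUARD = BrowserGuard()
FIXED_GUARD = BrowserGuard(frozenset({"POST", "PUT", "PATCH", "DELETE"}))

# Constructed headers: a page on attacker.example calling the local dashboard.
CROSS_ORIGIN = {"Host": "localhost:8265", "Origin": "http://attacker.example"}
# Constructed headers: a DNS-rebound request, Origin and Host both foreign.
REBOUND = {"Host": "attacker.example", "Origin": "http://attacker.example"}
# Constructed headers: a local CLI client with no browser headers at all.
CLI_CLIENT = {"Host": "127.0.0.1:8265"}
```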
Vulnerability Details
EPSS: 0.0%
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://github.com/advisories/GHSA-q5fh-2hc8-f6rq
First tracked: February 20, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 92%