CVE-2026-27482: CWE-396: Declaration of Catch for Generic Exception in ray-project ray
Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher.
AI Analysis
Technical Summary
CVE-2026-27482 affects the Ray AI compute engine in versions 2.53.0 and earlier. The dashboard HTTP server rejects browser-origin POST and PUT requests but does not apply the same check to DELETE, and critical DELETE endpoints are unauthenticated by default. If the dashboard or agent is reachable on a network interface (for example, when launched with --dashboard-host=0.0.0.0), an attacker can send DELETE requests that shut down the Serve component or delete running jobs, causing denial of service. The attack vector is DNS rebinding or direct same-network access, so a malicious web page or an attacker on the local network can perform these actions without authentication and with no user interaction beyond visiting the malicious page. The record is classified under CWE-396 (Declaration of Catch for Generic Exception), indicating a design flaw in error handling or access control. The CVSS v3.1 score is 5.9 (medium): network attack vector, high attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and high availability impact. The fix is to update Ray to version 2.54.0 or later, where these endpoints are secured and DELETE requests are blocked or authenticated. No public exploits are known at this time, but the vulnerability puts availability at risk in exposed deployments.
Potential Impact
The primary impact of CVE-2026-27482 is on availability. Attackers can remotely cause denial of service by shutting down the Serve component or deleting jobs managed by Ray’s dashboard without authentication. This can disrupt AI workloads, data processing pipelines, and any dependent services, potentially causing operational downtime and loss of computational progress. Since the vulnerability does not affect confidentiality and only has a low impact on integrity, the main concern is service disruption. Organizations relying on Ray for AI compute tasks, especially those exposing the dashboard to untrusted networks or the internet, face increased risk of drive-by attacks that can interrupt critical AI services. This could affect research, production AI systems, and cloud-based AI platforms. The ease of exploitation is limited by the need for network access or DNS rebinding, but no authentication or complex privileges are required, making it a significant risk in misconfigured environments.
Mitigation Recommendations
To mitigate CVE-2026-27482, organizations should immediately upgrade all Ray deployments to version 2.54.0 or later, where the vulnerability is fixed. Additionally, administrators should ensure that the dashboard and agent interfaces are not exposed to untrusted networks; bind the dashboard to localhost or internal IPs rather than 0.0.0.0. Implement network-level controls such as firewalls or VPNs to restrict access to the dashboard. Disable or restrict DELETE HTTP methods on the dashboard server if possible. Monitor network traffic for suspicious DELETE requests targeting the dashboard endpoints. Employ DNS rebinding protections in browsers and network infrastructure to prevent malicious web pages from exploiting this vector. Finally, review and harden authentication and authorization mechanisms for all management interfaces to prevent unauthenticated access.
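The recommendations above (keep the dashboard off untrusted interfaces, treat DELETE like the other state-changing methods, defend against DNS rebinding) can be expressed as one request-admission check. The following is an added example and is not Ray's dashboard code; the function names, the allowed-host set and the sample requests are assumptions constructed for illustration. It closes the gap the advisory describes by applying the browser-origin rule to every state-changing method, DELETE included, and by validating the Host header so a rebound DNS name is refused even when the origin check would pass.

```python
# Added example (not Ray's own code): a request-policy check for a management
# HTTP API that applies the browser-origin rule to DELETE as well as POST/PUT,
# and validates the Host header to defeat DNS rebinding. Names are hypothetical.
from typing import Dict, FrozenSet, List, Optional, Tuple
from urllib.parse import urlsplit

# Every method that changes server state must pass the browser-origin check.
# The gap described in the advisory was a check that covered POST/PUT only.
STATE_CHANGING_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})


def _hostname(authority_or_url: str) -> Optional[str]:
    """Extract a lower-cased hostname from a Host header value or a URL.

    Handles "host:port", "[::1]:port" and "scheme://host:port/path"; returns
    None for empty or unparsable input.
    """
    value = authority_or_url.strip()
    if "//" not in value:
        value = "//" + value  # treat a bare authority as a network location
    try:
        host = urlsplit(value).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return None
    return host.lower() if host else None


def check_request(method: str, headers: Dict[str, str],
                  allowed_hosts: FrozenSet[str]) -> Tuple[bool, str]:
    """Decide whether a request may proceed. Returns (allowed, reason).

    1. Host must name this service; a DNS-rebinding request carries the
       attacker's domain in Host and is refused regardless of method.
    2. For state-changing methods, a browser-supplied Origin (or Referer)
       must also name this service. Requests with neither header are treated
       as non-browser clients (CLI, SDK) and pass this check; they remain
       subject to whatever authentication the endpoint enforces.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    host = _hostname(hdrs.get("host", ""))
    if host is None or host not in allowed_hosts:
        return False, "unexpected Host header (possible DNS rebinding)"
    if method.upper() not in STATE_CHANGING_METHODS:
        return True, "read-only method"
    source = hdrs.get("origin") or hdrs.get("referer")
    if source is None:
        return True, "no browser origin header; not a cross-site browser request"
    origin_host = _hostname(source)  # the literal Origin "null" never matches
    if origin_host is None or origin_host not in allowed_hosts:
        return False, f"cross-site {method.upper()} from {source!r} blocked"
    return True, "same-origin browser request"


# Constructed sample requests (not captured traffic) against a dashboard
# assumed to listen on localhost:8265; the allow-list is an assumption.
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})

SAMPLE_REQUESTS = [
    ("GET", {"Host": "localhost:8265"}),
    ("DELETE", {"Host": "localhost:8265"}),  # CLI/SDK style, no Origin
    ("DELETE", {"Host": "localhost:8265", "Origin": "http://attacker.example"}),
    ("DELETE", {"Host": "rebound.attacker.example:8265",
                "Origin": "http://rebound.attacker.example:8265"}),
    ("POST", {"Host": "127.0.0.1:8265", "Origin": "http://127.0.0.1:8265"}),
    ("DELETE", {"Host": "[::1]:8265", "Referer": "http://[::1]:8265/jobs"}),
    ("PUT", {"host": "localhost:8265", "origin": "null"}),
]


def evaluate_samples() -> List[bool]:
    """Run the policy over the constructed samples; True means admitted."""
    return [check_request(m, h, ALLOWED_HOSTS)[0] for m, h in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for method, headers in SAMPLE_REQUESTS:
        ok, why = check_request(method, headers, ALLOWED_HOSTS)
        print(f"{'ALLOW' if ok else 'DENY ':5} {method:6} {headers} -> {why}")
```

The second sample (a DELETE with no Origin header) is admitted on purpose: this check only stops requests a browser was tricked into sending, which is the drive-by path the advisory describes. It does nothing against a client that is already on the same network, which is why the recommendations also bind the dashboard to localhost and require authentication on management endpoints.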
Affected Countries
United States, China, Germany, United Kingdom, Japan, South Korea, India, Canada, France, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-19T19:46:03.540Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69997b9dbe58cf853b7530e1
Added to database: 2/21/2026, 9:32:13 AM
Last enriched: 2/28/2026, 12:40:08 PM
Last updated: 4/7/2026, 3:00:59 PM