CVE-2026-41486: CWE-94: Improper Control of Generation of Code ('Code Injection') in ray-project ray
CVE-2026-41486 is a high-severity code injection vulnerability in ray-project's Ray AI compute engine versions 2. 54. 0 up to but not including 2. 55. 0. The issue arises because Ray registers custom Arrow extension types globally in PyArrow, and when PyArrow reads a Parquet file containing these types, it invokes a deserialization method that uses cloudpickle. loads() directly on untrusted metadata bytes. This allows arbitrary code execution during schema parsing before any row data is processed. The vulnerability has been patched in version 2. 55.
AI Analysis
Technical Summary
Ray versions 2.54.0 to before 2.55.0 register custom Arrow extension types globally in PyArrow. When PyArrow reads a Parquet file with these extension types, it calls __arrow_ext_deserialize__ on the metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), enabling arbitrary code execution during schema parsing. This vulnerability is identified as CWE-94 (Improper Control of Generation of Code) and CWE-502 (Deserialization of Untrusted Data). The issue is fixed in Ray version 2.55.0.
Potential Impact
An attacker can achieve arbitrary code execution on a system processing malicious Parquet files with crafted metadata, exploiting the deserialization process before any data rows are read. This can lead to full system compromise or unauthorized actions within the context of the Ray process. The CVSS 4.0 score is 8.9, indicating high severity with network attack vector, low attack complexity, and partial user interaction required.
Mitigation Recommendations
This vulnerability is patched in Ray version 2.55.0. Users should upgrade to version 2.55.0 or later to remediate this issue. No official remediation level or temporary fix is indicated beyond upgrading. Patch status is confirmed by the vendor advisory stating the fix is included in 2.55.0. Until upgrading, avoid processing untrusted Parquet files containing the affected Arrow extension types.
CVE-2026-41486: CWE-94: Improper Control of Generation of Code ('Code Injection') in ray-project ray
Description
CVE-2026-41486 is a high-severity code injection vulnerability in ray-project's Ray AI compute engine versions 2. 54. 0 up to but not including 2. 55. 0. The issue arises because Ray registers custom Arrow extension types globally in PyArrow, and when PyArrow reads a Parquet file containing these types, it invokes a deserialization method that uses cloudpickle. loads() directly on untrusted metadata bytes. This allows arbitrary code execution during schema parsing before any row data is processed. The vulnerability has been patched in version 2. 55.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Ray versions 2.54.0 to before 2.55.0 register custom Arrow extension types globally in PyArrow. When PyArrow reads a Parquet file with these extension types, it calls __arrow_ext_deserialize__ on the metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), enabling arbitrary code execution during schema parsing. This vulnerability is identified as CWE-94 (Improper Control of Generation of Code) and CWE-502 (Deserialization of Untrusted Data). The issue is fixed in Ray version 2.55.0.
Potential Impact
An attacker can achieve arbitrary code execution on a system processing malicious Parquet files with crafted metadata, exploiting the deserialization process before any data rows are read. This can lead to full system compromise or unauthorized actions within the context of the Ray process. The CVSS 4.0 score is 8.9, indicating high severity with network attack vector, low attack complexity, and partial user interaction required.
Mitigation Recommendations
This vulnerability is patched in Ray version 2.55.0. Users should upgrade to version 2.55.0 or later to remediate this issue. No official remediation level or temporary fix is indicated beyond upgrading. Patch status is confirmed by the vendor advisory stating the fix is included in 2.55.0. Until upgrading, avoid processing untrusted Parquet files containing the affected Arrow extension types.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-20T16:14:19.007Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fe5e60cbff5d8610336e6d
Added to database: 5/8/2026, 10:06:24 PM
Last enriched: 5/8/2026, 10:21:34 PM
Last updated: 5/9/2026, 1:22:33 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.