Ray 2.49.0 < 2.55.0 Remote Code Execution (CVE-2026-41486)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(311475);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/13");

  script_cve_id("CVE-2026-41486");
  script_xref(name:"IAVB", value:"2026-B-0110");

  script_name(english:"Ray 2.49.0 < 2.55.0 Remote Code Execution (CVE-2026-41486)");

  script_set_attribute(attribute:"synopsis", value:
"A Python library installed on the remote host is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Ray installed on the remote host is >= 2.49.0 and prior to 2.55.0. It is, therefore, affected by a
remote code execution vulnerability:

  - Ray Data registers custom Arrow extension types globally in PyArrow. When PyArrow reads a Parquet file
    containing one of these extension types, it calls __arrow_ext_deserialize__ on the field's metadata bytes.
    Ray's implementation passes these bytes directly to cloudpickle.loads(), achieving arbitrary code execution
    during schema parsing, before any row data is read. An attacker can craft a malicious Parquet file that,
    when read by any Ray Data pipeline, executes arbitrary code as the Ray worker process user.
    (CVE-2026-41486)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/docker/model-runner/security/advisories/GHSA-x2f5-332j-9xwq
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ca9ae58f");
  script_set_attribute(attribute:"see_also", value:"https://www.miggo.io/vulnerability-database/cve/CVE-2026-41486");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Ray version 2.55.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-41486");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/02");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:anyscale:ray");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("raydashboard_local_detect.nbin", "ray_dashboard_detect.nbin");
  script_require_keys("installed_sw/Ray");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Ray', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'min_version': '2.49.0', 'fixed_version': '2.55.0'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);