2 matches found
CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...
Ray 安全漏洞
Ray is an open-source framework developed by ray-project, designed to extend AI and Python applications. Versions of Ray prior to 2.53.0 contain security vulnerabilities. These vulnerabilities stem from the fact that the dashboard’s HTTP server does not cover the DELETE method, and the critical...