Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NAnyscale Ray
APPAnyscale2.6.32.8.0
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
Related vulnerabilities
CVE-2023-48022CRITICAL9.8PL βten sam produkt
Anyscale Ray β RCE przez API przesyΕania zadaΕ (job submission API)
CVE-2026-41486HIGH8.9ten sam produkt
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow ext...
CVE-2026-32981HIGH8.7ten sam produkt
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2....
CVE-2026-27482MEDIUM5.9ten sam produkt
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST...