CVE-2023-48022

CRITICAL EXPLOITED NUCLEI

Anyscale Ray 2.6.3 and 2.8.0 - Remote Code Execution via Job Submission API

Exploitation Summary

CVE-2023-48022 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including jakabakos, 0x656565, sierrabearchell, byt3bl33d3r, and Takahiro Yokoyama; one of them is the Metasploit module exploits/linux/http/ray_agent_job_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2023-48022, a remote command execution vulnerability in the Ray framework's job submission API. The exploit includes both a Python script and a Metasploit module to execute arbitrary commands on vulnerable Ray instances.

Description

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)

Exploits (3)

nomisec WORKING POC 6 stars
by jakabakos · remote
https://github.com/jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022

This repository contains a functional exploit for CVE-2023-48022, a remote command execution vulnerability in the Ray framework's job submission API. The exploit includes both a Python script and a Metasploit module to execute arbitrary commands on vulnerable Ray instances.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Ray framework versions up to 2.8.0
No auth needed
Prerequisites: Access to the Ray cluster's job submission API endpoint
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 2 stars
by 0x656565 · remote
https://github.com/0x656565/CVE-2023-48022

This repository contains a functional exploit for CVE-2023-48022, leveraging Ray's job submission API to execute arbitrary commands on a remote Ray cluster. The exploit submits a job that reads a file from the target system, demonstrating remote code execution (RCE).

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Ray (AI framework) with vulnerable job submission API
No auth needed
Prerequisites: Access to a vulnerable Ray cluster's job submission endpoint · Network connectivity to the target cluster
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC EXCELLENT
by sierrabearchell, byt3bl33d3r, Takahiro Yokoyama · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ray_agent_job_rce.rb

This Metasploit module exploits an RCE vulnerability in Ray via the agent job submission endpoint, which lacks authentication by default. It submits arbitrary commands through the API to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Ray (versions up to 2.6.3)
No auth needed
Prerequisites: Network access to the Ray agent API (default port 8265) · Ray version <= 2.6.3
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Anyscale Ray - Remote Code Execution
CRITICAL · VERIFIED · by riteshs4hu
Shodan: http.favicon.hash:463802404 || http.html:"ray dashboard"
FOFA: icon_hash=463802404 || body="ray dashboard"

Scores

CVSS v3 9.8
EPSS 0.9219
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-03-26
CWE CWE-918
Status published
Products (3)
anyscale/ray 2.6.3
anyscale/ray 2.8.0
pypi/ray 0PyPI
Published Nov 28, 2023
Tracked Since Feb 18, 2026