CVE-2026-41486 (HIGH)
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls __arrow_ext_deserialize__ on the field's metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), so a crafted file yields arbitrary code execution during schema parsing, before any row data is read. This issue has been patched in version 2.55.0.
References (4)
x_refsource_confirm: https://github.com/ray-project/ray/security/advisories/GHSA-mw35-8rx3-xf9r
x_refsource_misc: https://github.com/ray-project/ray/pull/62056
x_refsource_misc: https://github.com/ray-project/ray/commit/c02bd31ae31996805868baa446a131a8d304525f
x_refsource_misc: https://github.com/ray-project/ray/releases/tag/ray-2.55.0
Scores
CVSS v3
8.8
EPSS
0.0003
EPSS Percentile
9.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-502
CWE-94
Status
published
Products (3)
anyscale/ray
2.54.0
pypi/ray
2.49.0 - 2.55.0 (PyPI)
ray-project/ray
>= 2.54.0, < 2.55.0
Published
May 08, 2026
Tracked Since
May 09, 2026