CVE Catalog

CVE-2026-57516

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile — higher than 38% of all known CVEs

Summary

Ray prior to version 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader. An attacker can achieve remote code execution by supplying a malicious tar archive to the read_webdataset() function. The _default_decoder() function in webdataset_datasource.py unconditionally calls pickle.loads() on tar entries with .pkl/.pickle extensions and torch.load() with weights_only=False on .pt/.pth entries, executing arbitrary code inside Ray remote workers.

Risk Assessment

The risk for the organization includes full compromise of the Ray cluster by a remote attacker, potentially leading to data theft, service disruption, or lateral movement within the infrastructure.

Recommendation

Upgrade Ray to version 2.56.0 or later immediately. If an upgrade is not possible, restrict access to the read_webdataset() function to trusted data sources only.

Original NVD description (English source)

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the read_webdataset() function. The _default_decoder() function in webdataset_datasource.py unconditionally calls pickle.loads() on tar entries with .pkl/.pickle extensions and torch.load() with weights_only=False on .pt/.pth entries, executing arbitrary code inside Ray remote workers on every worker that processes the malicious archive.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS