{"api_version":"1","generated_at":"2026-07-09T06:26:36+00:00","cve":"CVE-2026-32981","urls":{"html":"https://cve.report/CVE-2026-32981","api":"https://cve.report/api/cve/CVE-2026-32981.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-32981","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-32981"},"summary":{"title":"Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure","description":"A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.","state":"PUBLISHED","assigner":"VulnCheck","published_at":"2026-03-17 20:16:14","updated_at":"2026-06-30 03:18:35"},"problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"4.0","source":"disclosure@vulncheck.com","type":"Secondary","score":"8.7","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"8.7","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"ADP","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"disclosure@vulncheck.com","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:5809","name":"https://access.redhat.com/errata/RHSA-2026:5809","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:6761","name":"https://access.redhat.com/errata/RHSA-2026:6761","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32981.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32981.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-32981","name":"https://access.redhat.com/security/cve/CVE-2026-32981","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://packetstorm.news/files/id/215801/","name":"https://packetstorm.news/files/id/215801/","refsource":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:24977","name":"https://access.redhat.com/errata/RHSA-2026:24977","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.vulncheck.com/advisories/ray-dashboard-path-traversal-leading-to-local-file-disclosure","name":"https://www.vulncheck.com/advisories/ray-dashboard-path-traversal-leading-to-local-file-disclosure","refsource":"disclosure@vulncheck.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/ray-project/ray","name":"https://github.com/ray-project/ray","refsource":"disclosure@vulncheck.com","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448440","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2448440","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:19712","name":"https://access.redhat.com/errata/RHSA-2026:19712","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:6762","name":"https://access.redhat.com/errata/RHSA-2026:6762","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-32981","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32981","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"ray-project","product":"Ray","version":"affected 2.8.1 semver","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","version":"","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-03-17T20:01:37.453Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-03-17T19:33:50.107Z","lang":"en","value":"Made public."}],"solutions":[{"source":"ADP","title":"","value":"RHSA-2026:6761: Red Hat AI Inference Server 3.2","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:5809: Red Hat AI Inference Server 3.2","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:6762: Red Hat AI Inference Server 3.2","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:24977: Red Hat OpenShift AI 2.25","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:19712: Red Hat OpenShift AI 3.3","time":"","lang":"en"}],"workarounds":[{"source":"ADP","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"indoushka","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"32981","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"anyscale","cpe5":"ray","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"32981","cve":"CVE-2026-32981","epss":"0.009290000","percentile":"0.561900000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-32981","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-03-17T20:26:39.443658Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-17T20:28:01.758Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"defaultStatus":"affected","product":"Red Hat AI Inference Server 3.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.25","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 3.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"}],"datePublic":"2026-03-17T19:33:50.107Z","descriptions":[{"lang":"en","value":"A path traversal flaw has been identified in Ray Dashboard in the Ray Pypi package. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:46:16.812Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-32981"},{"name":"RHBZ#2448440","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448440"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32981.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6761"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:5809"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:6762"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19712"}],"solutions":[{"lang":"en","value":"RHSA-2026:6761: Red Hat AI Inference Server 3.2"},{"lang":"en","value":"RHSA-2026:5809: Red Hat AI Inference Server 3.2"},{"lang":"en","value":"RHSA-2026:6762: Red Hat AI Inference Server 3.2"},{"lang":"en","value":"RHSA-2026:24977: Red Hat OpenShift AI 2.25"},{"lang":"en","value":"RHSA-2026:19712: Red Hat OpenShift AI 3.3"}],"timeline":[{"lang":"en","time":"2026-03-17T20:01:37.453Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-17T19:33:50.107Z","value":"Made public."}],"title":"ray: Ray Dashboard Path Traversal Leading to Local File Disclosure","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"collectionURL":"https://github.com/ray-project/ray","defaultStatus":"unaffected","product":"Ray","vendor":"ray-project","versions":[{"lessThan":"2.8.1","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"indoushka"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.</p>"}],"value":"A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-17T19:39:03.074Z","orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck"},"references":[{"tags":["exploit"],"url":"https://packetstorm.news/files/id/215801/"},{"tags":["product"],"url":"https://github.com/ray-project/ray"},{"name":"VulnCheck Advisory: Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/ray-dashboard-path-traversal-leading-to-local-file-disclosure"}],"source":{"discovery":"UNKNOWN"},"title":"Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure","x_generator":{"engine":"Vulnogram 1.0.0"}}},"cveMetadata":{"assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","assignerShortName":"VulnCheck","cveId":"CVE-2026-32981","datePublished":"2026-03-17T19:33:50.107Z","dateReserved":"2026-03-17T11:31:56.956Z","dateUpdated":"2026-06-30T02:46:16.812Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-17 20:16:14","lastModifiedDate":"2026-06-30 03:18:35","problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-17T20:26:39.443658Z","id":"CVE-2026-32981","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anyscale:ray:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.1","matchCriteriaId":"FB70DB40-46E9-4A23-A07E-412BA8591EC4"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"32981","Ordinal":"1","Title":"Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disc","CVE":"CVE-2026-32981","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"32981","Ordinal":"1","NoteData":"A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.","Type":"Description","Title":"Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disc"}]}}}