Ray Dashboard Path Traversal Vulnerability Leading to Local File Disclosure

Vulnerability

A path traversal vulnerability exists in Ray Dashboard versions prior to 2.8.1; the dashboard listens on port 8265 by default. Its static file handling does not adequately validate or sanitize user-supplied file paths. An attacker can therefore use path traversal sequences such as '../' to reach files outside the designated static directory, resulting in unauthorized local file disclosure.

Impact

Exploitation of this vulnerability allows for local file inclusion, where an attacker can access sensitive files on the server.

Reproduction

To reproduce this vulnerability, send a request to the Ray Dashboard on port 8265 with a path traversal payload that includes '../' sequences. This can be done using a simple PHP script that targets the vulnerability by accessing files outside the intended directory.

Remediation

Users are advised to update Ray Dashboard to version 2.8.1 or later, where this vulnerability has been addressed.
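
The missing validation described under Vulnerability comes down to a containment check on the resolved path. The following is an added illustration, not Ray's code or its actual fix: the function names, directory layout and sample requests are constructed for the example, which compares an unchecked join with a resolver that rejects anything outside the static root.

```python
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Constructed sample request paths (not taken from the advisory).
SAMPLE_REQUESTS = ["index.html", "../secret.txt", "..%2Fsecret.txt",
                   "sub/../../secret.txt"]

def resolve_naive(static_root: Path, requested: str) -> Path:
    """Flawed pattern: join the request path with no containment check."""
    return (static_root / unquote(requested)).resolve()

def resolve_safe(static_root: Path, requested: str) -> Optional[Path]:
    """Return the file to serve, or None if the request leaves static_root."""
    root = static_root.resolve()
    decoded = unquote(requested)          # validate what will actually be opened
    if "\x00" in decoded:
        return None
    # lstrip("/") stops an absolute path from replacing the root in the join.
    candidate = (root / decoded.lstrip("/")).resolve()  # also follows symlinks
    if not candidate.is_relative_to(root):              # Python 3.9+
        return None
    return candidate if candidate.is_file() else None

def demo() -> dict:
    """Map each sample request to (naive stays in root, safe serves a file)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        static = base / "static"
        static.mkdir()
        (static / "index.html").write_text("ok")
        (base / "secret.txt").write_text("outside the static root")
        out = {}
        for req in SAMPLE_REQUESTS:
            naive = resolve_naive(static, req)
            safe = resolve_safe(static, req)
            out[req] = (naive.is_relative_to(static), safe is not None)
        return out

if __name__ == "__main__":
    for request, (naive_inside, served) in demo().items():
        print(f"{request!r:28} naive_inside_root={naive_inside} served={served}")
```

Because the check runs on the fully resolved path, it also rejects a symlink inside the static directory that points outside it.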

Added: Mar 17, 2026, 8:21 PM
Updated: Mar 17, 2026, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.