CVE-2026-41486 | ray-project ray up to 2.54.x cloudpickle.loads code injection (GHSA-mw35-8rx3-xf9r)

A vulnerability described as critical has been identified in ray-project ray up to 2.54.x. The impacted element is the function cloudpickle.loads. Such manipulation leads to code injection.

This vulnerability is uniquely identified as CVE-2026-41486. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More