VDB
KO

PYSEC-2026-2273

Details

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the read_webdataset() function. The _default_decoder() function in webdataset_datasource.py unconditionally calls pickle.loads() on tar entries with .pkl/.pickle extensions and torch.load() with weights_only=False on .pt/.pth entries, executing arbitrary code inside Ray remote workers on every worker that processes the malicious archive.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / ray
Introduced in: 0 Fixed in: 2.56.0
Fix pip install --upgrade 'ray>=2.56.0'

References