HIGH | CVE-2026-23536 | Published | Modified | CNA redhat

CVE-2026-23536: Feast: unauthenticated arbitrary file read

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in:
Affected Products: 14
Affected packages
  • Red Hat / Red Hat OpenShift AI (RHOAI)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N