CVE-2026-23536
Feast: unauthenticated arbitrary file read
A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Red Hat · Red Hat OpenShift AI (RHOAI)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →