CVE-2026-23536

HIGH 7.5

Feast: unauthenticated arbitrary file read

CVSS Score

7.5

EPSS Score

0.1%

EPSS Percentile

21th

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.

CWE	CWE-22
Vendor	red hat
Product	red hat openshift ai (rhoai)
Published	Mar 20, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for red hat red hat openshift ai (rhoai)

Be the first to know when new high vulnerabilities affecting red hat red hat openshift ai (rhoai) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None