🔐 CVE Alert

CVE-2026-23538

HIGH 7.5

Feast: resource exhaustion via websocket endpoint

CVSS Score
7.5
EPSS Score
0.7%
EPSS Percentile
50th

A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.

CWE CWE-770
Vendor feast
Product feast feature server
Published Jul 16, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for feast feast feature server

Be the first to know when new high vulnerabilities affecting feast feast feature server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Feast / Feast Feature Server
0 < 0.59.0
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected
Red Hat / Red Hat OpenShift AI (RHOAI)
All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-23538 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2429311 github.com: https://github.com/red-hat-data-services/feast/pull/192 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23538.json

Credits

This issue was discovered by Jitendra Yejare (Red Hat).