Unrated severityNVD Advisory· Published Mar 20, 2026· Updated Mar 24, 2026
Feast: unauthenticated arbitrary file read
CVE-2026-23536
Description
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Red Hat/Red Hat OpenShift AI (RHOAI)v5cpe:/a:redhat:openshift_ai
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2026-23536mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.