Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Unauthenticated network endpoint with bypassable path checks gives AV:N/AC:L/PR:N; arbitrary write yields I:H and disk-exhaustion A:H, with no read so C:N.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.
AnalysisAI
Arbitrary file write in the Feast Feature Server's /save-document endpoint lets an unauthenticated remote attacker write attacker-controlled JSON to the host filesystem, bypassing the endpoint's path restrictions to overwrite application configuration or startup scripts. Because no credentials are required (CVSS 9.1, PR:N), any network-reachable attacker can corrupt system integrity, cause denial of service through disk exhaustion, or potentially achieve remote code execution. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the Feast Feature Server's HTTP `/save-document` endpoint, and nothing more: no credentials, tokens, or user interaction (AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals align on high priority: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) describes a network-reachable, low-complexity, unauthenticated write with high integrity and availability impact (C:N/I:H/A:H), scoring 9.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the Feature Server over the network sends a crafted HTTP request to `/save-document` with a manipulated file path that bypasses the location restrictions, writing a malicious JSON file over an application config or startup script. On the next service restart or config reload the tampered file is consumed, degrading integrity, exhausting disk, or executing attacker-influenced logic. … |
| Remediation | Upstream fix available (PR/commit); released patched version not independently confirmed - the code fix is tracked in https://github.com/red-hat-data-services/feast/pull/192, and Red Hat OpenShift AI users should consult https://access.redhat.com/security/cve/CVE-2026-23537 and bug https://bugzilla.redhat.com/show_bug.cgi?id=2429304 for the RHOAI errata and exact fixed release once published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Feast Feature Server instances and assess network exposure; determine if any RHOAI deployments are impacted. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Red Hat Openshift Ai Rhoai
View allKubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authe
The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenti
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments
Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40997
GHSA-4m9c-5f58-453x