Skip to main content

Feast Feature Server CVE-2026-23538

| EUVDEUVD-2026-44838 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-16 redhat GHSA-gmv6-fcfc-3372
7.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (redhat) PRIMARY
HIGH
qualitative
NVD
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Network-reachable /ws/chat with no auth or interaction and low complexity gives AV:N/AC:L/PR:N/UI:N; resource exhaustion is availability-only, so C:N/I:N/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Red Hat
7.5 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch available
Jul 16, 2026 - 02:02 EUVD
Source Code Evidence Fetched
Jul 16, 2026 - 01:13 vuln.today
Analysis Generated
Jul 16, 2026 - 01:13 vuln.today
CVE Published
Jul 16, 2026 - 00:10 cve.org
HIGH 7.5

DescriptionNVD

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources-such as memory, CPU, and file descriptors-leading to a complete denial of service for legitimate users.

AnalysisAI

Denial of service in the Feast Feature Server (the Python feature-store serving component, also shipped within Red Hat OpenShift AI/RHOAI) lets remote unauthenticated attackers exhaust host resources through its /ws/chat WebSocket endpoint. Because the endpoint accepts unlimited concurrent connections and unbounded message traffic, opening many simultaneous sockets drains memory, CPU, and file descriptors until legitimate clients are locked out. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Feature Server network endpoint
Delivery
Open many concurrent /ws/chat WebSocket connections
Exploit
Hold sockets open, stream traffic
Execution
Exhaust memory, CPU, file descriptors
Impact
Deny service to legitimate users

Vulnerability AssessmentAI

Exploitation The exploit requires only network reachability to the Feature Server's `/ws/chat` WebSocket endpoint, which per the CVSS vector (PR:N/UI:N) accepts unauthenticated connections against affected default builds and requires no user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base 7.5) is internally consistent with the description: network-reachable, low-complexity, no privileges, no user interaction, and availability-only impact with zero confidentiality or integrity loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the Feature Server's HTTP port opens thousands of persistent connections to `/ws/chat`, none of which require credentials, and holds them open while streaming traffic. Server memory, CPU, and file descriptors are consumed until the process can no longer accept connections from legitimate ML applications, producing a sustained outage. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - apply the change from https://github.com/red-hat-data-services/feast/pull/192, which enforces a maximum of 5 concurrent WebSocket connections, a 4096-byte message-size cap, a 60-messages-per-minute rate limit, and a 60-second read timeout, and additionally requires authentication (inject_user_details) on `/read-document` and `/save-document`. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Feast Feature Server instances and Red Hat OpenShift AI deployments; identify which are Internet-facing or accessible from untrusted networks; monitor system resource utilization (memory, CPU, file descriptors) for anomalies. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

CVE-2026-23538 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy