CVE-2026-31866
Severity: HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
Description
flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context included in request payloads is read into memory without any size restriction, so a single HTTP request with an arbitrarily large body causes flagd to allocate a corresponding amount of memory. This leads to immediate memory exhaustion and process termination (e.g., an OOMKill in Kubernetes environments). flagd does not natively enforce authentication on its evaluation endpoints; while operators may deploy flagd behind an authenticating reverse proxy or similar infrastructure, the endpoints themselves impose no access control by default. This vulnerability is fixed in 0.14.2.
Analysis
The flagd feature flag daemon, as commonly deployed in Kubernetes, is vulnerable in versions before 0.14.2 to denial of service through unbounded memory allocation on its publicly accessible evaluation endpoints. An unauthenticated attacker can send HTTP requests with arbitrarily large payloads to exhaust memory and crash the service. …
Remediation
Within 24 hours: Identify all instances of flagd in use and their versions; determine whether any run a version earlier than 0.14.2 and are internet-accessible. Within 7 days: Implement network-level mitigations (WAF rules limiting request body size, rate limiting, network segmentation) and monitor for suspicious traffic patterns. …
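The body-size limit named above is the mitigation most directly matched to the defect in the Description (an evaluation context read into memory with no cap). The following Go program is an added example, not flagd's own code or its fix: it shows how a request-body cap can be enforced at the handler layer of a Go HTTP service, rejecting oversized evaluation requests with 413 before they are buffered. The OFREP path, the 64 KiB cap, and the evaluateHandler stand-in are assumptions made for the example. Both a declared Content-Length above the cap and a streamed body with no declared length are rejected, which is the case a Content-Length-only rule would miss.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// MaxEvaluationBody caps the request body accepted on evaluation endpoints.
// 64 KiB is an assumed value for this example; real evaluation contexts are far smaller.
const MaxEvaluationBody int64 = 64 << 10

// limitBody wraps a handler so that bodies larger than limit are rejected with 413.
// A declared Content-Length above the cap is refused outright; otherwise the body is
// wrapped in http.MaxBytesReader, which stops reading after limit bytes regardless of
// how (or whether) the length was declared, so streamed bodies are covered as well.
func limitBody(limit int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ContentLength > limit {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		r.Body = http.MaxBytesReader(w, r.Body, limit)
		next.ServeHTTP(w, r)
	})
}

// evaluateHandler is a hypothetical stand-in for an OFREP evaluate handler (not flagd's code).
// It decodes the JSON evaluation context; once the wrapped body exceeds the cap, Decode
// returns *http.MaxBytesError and the handler answers 413 instead of buffering further.
func evaluateHandler(w http.ResponseWriter, r *http.Request) {
	var req struct {
		Context map[string]any `json:"context"`
	}
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		var mbe *http.MaxBytesError
		if errors.As(err, &mbe) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprintf(w, `{"value":true,"contextKeys":%d}`, len(req.Context))
}

// newMux mounts the guarded evaluate endpoint. The path follows the OFREP shape
// quoted in the advisory; the exact route is an assumption of this example.
func newMux() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/ofrep/v1/evaluate/flags/",
		limitBody(MaxEvaluationBody, http.HandlerFunc(evaluateHandler)))
	return mux
}

// evaluate posts body to the guarded endpoint in-process and returns the HTTP status.
// With declareLength=false the request carries no Content-Length (ContentLength = -1),
// which exercises the MaxBytesReader path rather than the up-front length check.
func evaluate(h http.Handler, body string, declareLength bool) int {
	var rd io.Reader = strings.NewReader(body)
	if !declareLength {
		rd = io.MultiReader(rd) // not a *strings.Reader, so httptest leaves ContentLength at -1
	}
	req := httptest.NewRequest(http.MethodPost, "/ofrep/v1/evaluate/flags/my-flag", rd)
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := newMux()
	small := `{"context":{"targetingKey":"user-1"}}`
	// Constructed oversized payload: one context value just past the cap.
	big := `{"context":{"blob":"` + strings.Repeat("A", int(MaxEvaluationBody)+1) + `"}}`
	log.Printf("small body, declared length      -> %d", evaluate(h, small, true))
	log.Printf("oversized body, declared length  -> %d", evaluate(h, big, true))
	log.Printf("oversized body, streamed          -> %d", evaluate(h, big, false))
}
```

The same cap can be applied one layer out (a reverse proxy or WAF body-size rule, as the remediation suggests), but enforcing it in the handler as well means the protection does not depend on every deployment fronting the daemon with such infrastructure.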
External POC / Exploit Code
GHSA-rmrf-g9r3-73pm