EUVD-2026-13816
GHSA-9p47-cwvm-h4hj
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Tags
Description
A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.
Analysis
The Feast Feature Server contains a path traversal vulnerability in its `/read-document` endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Red Hat OpenShift AI deployments in your environment and validate which versions are running Feast Feature Server; immediately restrict network access to the `/read-document` endpoint to trusted sources only. Within 7 days: Implement Web Application Firewall (WAF) rules to block path traversal attempts on the endpoint; conduct an audit of file system permissions to limit what the server process can access; review logs for suspicious `/read-document` requests. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today