Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.
AnalysisAI
The Feast Feature Server contains a path traversal vulnerability in its /read-document endpoint that allows unauthenticated remote attackers to read arbitrary files accessible to the server process, including sensitive system files, application configurations, and credentials. Red Hat OpenShift AI (RHOAI) deployments are confirmed affected across multiple versions. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions — remote unauthenticated exploitation against default Feast Feature Server installations. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This vulnerability presents a significant real-world risk based on multiple threat indicators. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker identifies a Red Hat OpenShift AI deployment exposing the Feast Feature Server and crafts an HTTP POST request to the `/read-document` endpoint containing path traversal sequences such as '../../../etc/passwd' or paths to application configuration files containing database credentials or API keys. The server processes this malicious request without proper validation and returns the contents of the requested file. … |
| Remediation | Organizations running affected versions of Red Hat OpenShift AI should immediately consult the official Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-23536 and apply available patches or updates as specified by the vendor. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Red Hat OpenShift AI deployments in your environment and validate which versions are running Feast Feature Server; immediately restrict network access to the /read-document endpoint to trusted sources only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Red Hat Openshift Ai Rhoai
View allKubernetes Service Account token disclosure in the odh-dashboard component of Red Hat OpenShift AI (RHOAI) lets an authe
Arbitrary file write in the Feast Feature Server's `/save-document` endpoint lets an unauthenticated remote attacker wri
Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments
Image input manipulation in vLLM's multimodal preprocessing pipeline allows remote, unauthenticated network attackers to
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13816
GHSA-9p47-cwvm-h4hj