CVE-2026-23536 - Vulnerability Details - OpenCVE

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift Ai

No data.

No data.

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-23536
https://bugzilla.redhat.com/show_bug.cgi?id=2429302

History

Fri, 20 Mar 2026 22:15:00 +0000

Type	Values Removed	Values Added
Description		A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.
Title		Feast: unauthenticated arbitrary file read
First Time appeared		Redhat Redhat openshift Ai
Weaknesses		CWE-22
CPEs		cpe:/a:redhat:openshift_ai
Vendors & Products		Redhat Redhat openshift Ai
References		https://access.redhat.com/security/cve/CVE-2026-23536 https://bugzilla.redhat.com/show_bug.cgi?id=2429302
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-03-20T21:58:47.338Z

Updated: 2026-03-20T21:58:47.338Z

Reserved: 2026-01-13T19:53:18.501Z

Link: CVE-2026-23536

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-20T22:16:27.087

Modified: 2026-03-20T22:16:27.087

Link: CVE-2026-23536

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23536", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-13T19:53:18.501Z", "datePublished": "2026-03-20T21:58:47.338Z", "dateUpdated": "2026-03-20T21:58:47.338Z"}, "containers": {"cna": {"title": "Feast: unauthenticated arbitrary file read", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-feature-server-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:openshift_ai"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-23536", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429302", "name": "RHBZ#2429302", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-03-20T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2026-01-13T19:27:40.765Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-20T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Jitendra Yejare (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-20T21:58:47.338Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}