57 matches found
EUVD-2026-38801
Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...
CVE-2026-56121
Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...
CVE-2026-56121
Feast
cellist (>=1.0.0 <=1.1.1), feast-py (>=0.1.7 <=1.0.1) +1 more potentially affected by unknown CVE via spateo-release (>=1.0.2 <=1.1.1)
spateo-release PYPI version =1.0.2, =1.0.0, =0.1.7, =1.0.1 - feast-sim =0.1.7 Source cves: unknown CVE Source advisory: SNYK:PYTHON-SPATEORELEASE-17220148...
cafe-release (=0.1.3), cellist (>=1.0.0 <=1.1.1) +5 more potentially affected by unknown CVE via dynamo-release (>=1.4.0 <=1.5.3)
dynamo-release PYPI version =1.4.0, =1.0.0, =0.1.7, =1.0.0, =1.1.1 Source cves: unknown CVE Source advisory: SNYK:PYTHON-DYNAMORELEASE-17220136...
CVE-2026-23537
A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...
CVE-2026-23536
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
CVE-2026-23536 Feast: unauthenticated arbitrary file read
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
CVE-2026-23536
The CVE-2026-23536 issue affects Feast Feature Server, specifically the /read-document endpoint, allowing an unauthenticated remote attacker to read any file accessible to the server process. The root cause is a bypass of access restrictions via a crafted HTTP POST request, enabling potential exp...
CVE-2026-23536
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
CVE-2026-23538
A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...
CVE-2026-23536 Feast: unauthenticated arbitrary file read
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
CVE-2026-23536
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +23 more potentially affected by CVE-2026-23538 via feast (>=0.14.1 <=0.49.0)
feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2026-23538 Source advisory: SNYK:PYTHON-FEAST-15857151...
cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +23 more potentially affected by CVE-2026-23537 via feast (>=0.14.1 <=0.49.0)
feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2026-23537 Source advisory: SNYK:PYTHON-FEAST-15857152...
Allocation of Resources Without Limits or Throttling
Overview: feast is a Python SDK for Feast. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the WebSocket endpoint. An attacker can exhaust server resources, including memory, CPU, and file descriptors, by establishing a large number of...
Directory Traversal
Overview: feast is a Python SDK for Feast. Affected versions of this package are vulnerable to Directory Traversal via the /read-document endpoint. An attacker can access arbitrary files accessible to the server process by sending a crafted HTTP POST request. Details: A Directory Traversal attack al...
cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +23 more potentially affected by CVE-2026-23536 via feast (>=0.14.1 <=0.49.0)
feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2026-23536 Source advisory: SNYK:PYTHON-FEAST-15857127...
Missing Authorization
Overview: feast is a Python SDK for Feast. Affected versions of this package are vulnerable to Missing Authorization via the /save-document endpoint. An attacker can modify system files, overwrite configuration or startup scripts, or execute arbitrary code by sending crafted requests to write...
PT-2026-26683
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...