CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/20 10:16 p.m.•5 views

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS0.00106EPSS

CVE•added 2026/03/20 9:58 p.m.•3 views

CVE-2026-23536

The CVE-2026-23536 issue affects Feast Feature Server, specifically the /read-document endpoint, allowing an unauthenticated remote attacker to read any file accessible to the server process. The root cause is a bypass of access restrictions via a crafted HTTP POST request, enabling potential exp...

RedhatCVE•added 2026/03/20 9:58 p.m.•2 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS5.7AI score

ATTACKERKB•added 2026/03/20 9:58 p.m.•1 views

CVE-2026-23536

Vulnrichment•added 2026/03/20 9:58 p.m.•1 views

CVE-2026-23536 Feast: unauthenticated arbitrary file read

Cvelist•added 2026/03/20 9:58 p.m.•18 views

CVE-2026-23536 Feast: unauthenticated arbitrary file read

7.5CVSS0.00106EPSS

RedhatCVE•added 2026/03/20 9:58 p.m.•2 views

CVE-2026-23536

7.5CVSS5.8AI score0.00106EPSS

vulnersOsv•added 2026/03/20 12:0 a.m.•2 views

cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +19 more potentially affected by CVE-2026-23537 via feast (>=0.14.1 <=0.49.0)

feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2026-23537 Source advisory: SNYK:PYTHON-FEAST-15857152...

5.8AI score

Positive Technologies•added 2026/03/20 12:0 a.m.•1 views

PT-2026-26683

vulnersOsv•added 2026/03/20 12:0 a.m.•1 views

Exploits0References5

cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +19 more potentially affected by CVE-2026-23538 via feast (>=0.14.1 <=0.49.0)

feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2026-23538 Source advisory: SNYK:PYTHON-FEAST-15857151...

5.8AI score

vulnersOsv•added 2026/03/20 12:0 a.m.•2 views

cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +19 more potentially affected by CVE-2026-23536 via feast (>=0.14.1 <=0.49.0)

feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2026-23536 Source advisory: SNYK:PYTHON-FEAST-15857127...

7.5CVSS5.8AI score0.00106EPSS

Snyk•added 2026/03/20 12:0 a.m.•0 views

Missing Authorization

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Missing Authorization via the /save-document endpoint. An attacker can modify system files, overwrite configuration or startup scripts, or execute arbitrary code by sending crafted requests to write...

9.1CVSS6.2AI score

Snyk•added 2026/03/20 12:0 a.m.•1 views

Allocation of Resources Without Limits or Throttling

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the WebSocket endpoint. An attacker can exhaust server resources, including memory, CPU, and file descriptors, by establishing a large number of...

8.7CVSS5.9AI score

Snyk•added 2026/03/20 12:0 a.m.•0 views

Directory Traversal

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Directory Traversal via the /read-document endpoint. An attacker can access arbitrary files accessible to the server process by sending a crafted HTTP POST request. Details A Directory Traversal attack al...

8.7CVSS6.5AI score0.00106EPSS

Veracode•added 2026/01/07 7:23 a.m.•3 views

Remote Code Execution (RCE)

feast is vulnerable to remote code execution RCE. The vulnerability is due to the use of yaml.load..., Loader=yaml.Loader to deserialize configuration YAML files before validation, which allows an attacker who can modify these files to instantiate arbitrary Python objects and execute OS commands ...

7.8CVSS8.2AI score0.00218EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2026/01/02 7:34 a.m.•3 views

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.3AI score0.00218EPSS

Exploits0References1

vulnersOsv•added 2026/01/01 9:30 a.m.•1 views

cbtham-feast-az-provider (>=0.2.299b0 <=0.2.302), elemeno-ai-sdk (>=0.0.77 <=0.6.11) +19 more potentially affected by CVE-2025-11157 via feast (>=0.14.1 <=0.49.0)

feast PYPI version =0.14.1, =0.2.299b0, =0.0.77, =0.0.1, =0.2.2, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.1.33, =1.0.5 and more Source cves: CVE-2025-11157 Source advisory: OSV:GHSA-34WM-4HW7-QFJV...

7.8CVSS7.1AI score0.00218EPSS