PT-2026-26683 · Unknown · Feast Feature Server

Jitendra Yejare · Published 2026-03-20 · Updated 2026-03-21 · CVE-2026-23536

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Feast Feature Server (affected versions not specified)

Description

A security issue exists in the Feast Feature Server that allows an unauthenticated remote attacker to read any file accessible to the server process. This is exploitable through the /read-document API endpoint by sending a specially crafted HTTP POST request, bypassing intended access restrictions. This could lead to the retrieval of sensitive system files, application configurations, and credentials. The root cause is flawed access controls. Exploitation of this issue can enable low-privileged users to gain cluster admin rights, potentially leading to full hybrid cloud compromise, data exfiltration, and AI workload disruption.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
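
The check a file-reading handler needs against this weakness class, as an added example that is not Feast's code or a vendor fix: the page does not describe the /read-document request format or handler, so the function `resolve_within`, the allowed `docs` directory and the sample files are all hypothetical and constructed here.

```python
import os
import tempfile
from pathlib import Path


class PathNotAllowed(Exception):
    """Requested path resolves outside the directory the handler may serve."""


def resolve_within(base_dir, requested):
    """Return the real path of `requested` only if it stays inside `base_dir`."""
    if not requested or "\x00" in requested:
        raise PathNotAllowed("empty path or NUL byte")
    base = Path(base_dir).resolve(strict=True)
    # Joining with an absolute path discards `base`, and resolve() collapses
    # ".." and follows symlinks, so containment is checked on the final result.
    candidate = (base / requested).resolve(strict=False)
    if base not in candidate.parents:
        raise PathNotAllowed(f"{requested!r} escapes {base}")
    if not candidate.is_file():
        raise PathNotAllowed(f"{requested!r} is not a regular file")
    return candidate


def demo():
    """Run the check over a constructed directory tree and report each outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        docs = root / "docs"                      # hypothetical allowed directory
        docs.mkdir()
        (docs / "report.txt").write_text("ok")
        (root / "secret.txt").write_text("constructed secret")  # outside docs/
        os.symlink(root / "secret.txt", docs / "link.txt")      # link that escapes
        cases = {
            "plain": "report.txt",
            "dotdot": "../secret.txt",
            "absolute": str(root / "secret.txt"),
            "symlink": "link.txt",
            "normalized": "sub/../report.txt",
        }
        for label, requested in cases.items():
            try:
                resolve_within(docs, requested)
                results[label] = "allowed"
            except PathNotAllowed:
                results[label] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

A handler using this check should open the returned resolved path, not the original client string, and the check does not replace authentication on the endpoint.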

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2026-23536

Affected Products: Feast Feature Server