PT-2026-54710 · Unknown · Feast Feature Server

Jitendra Yejare

+1

·

Published

2026-07-01

·

Updated

2026-07-10

·

CVE-2026-23537

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions Feast Feature Server (affected versions not specified)
Description An unauthenticated remote attacker can write arbitrary JSON files to the server filesystem via the /save-document endpoint. The issue stems from improper input validation that allows a path restriction bypass, enabling the attacker to escape the intended save directory and overwrite critical application configurations or startup scripts. This could result in unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution if the written files are subsequently executed or loaded by the server.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /save-document endpoint to minimize the risk of exploitation.

RCE

DoS

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-23537

Affected Products

Feast Feature Server