Description
A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.
Published: n/a
Score: 9.1 Critical
EPSS: n/a
KEV: No
Impact: Unauthorized file write leading to potential remote code execution
Action: Immediate Patch
AI Analysis

Impact

The Feast Feature Server's /save-document endpoint lets an unauthenticated caller write arbitrary JSON files to the server's filesystem. The intended restriction on where files may be written can be bypassed, so an attacker can overwrite configuration files or startup scripts. Consistent with the CVSS vector (C:N/I:H/A:H), the direct impact is to integrity and availability rather than confidentiality: unauthorized modification of the system, denial of service through disk exhaustion, and remote code execution if a script the server or its host later executes is overwritten.

Affected Systems

The only source populated on this page is Red Hat's, which records Red Hat OpenShift AI as the affected vendor and product. No affected versions of the Feast Feature Server are disclosed, so any deployment that exposes the /save-document endpoint should be treated as at risk until a fixed version is identified.

Risk and Exploitability

The CVSS 3.1 base score is 9.1 (Critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H: reachable over the network, low attack complexity, no privileges or user interaction required, high integrity and availability impact, no confidentiality impact. The weakness is classified as CWE-862 (Missing Authorization). No EPSS score is available, so there is no empirical estimate of exploitation probability; the preconditions are nevertheless minimal, since the attack is a single HTTP request to /save-document from any host that can reach the server. The CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.

Generated by OpenCVE AI on March 21, 2026 at 07:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch for the /save-document authorization issue as soon as one is published; no fix or workaround is listed on this page at the time of writing, so the interim controls below are the only ones available
  • Restrict access to the /save-document endpoint to trusted IP addresses or networks
  • Remove or restrict write permissions from directories used for configuration or startup scripts
  • If the endpoint is not required, disable it in the application configuration
  • In the application, canonicalize the requested path (resolve symlinks and ".." components) and verify that it resolves inside the intended document directory before writing; restrict writes to .json files and cap the document size
  • Monitor logs for unexpected file creation or modification attempts
  • As a temporary workaround, block unauthenticated traffic to the endpoint using a firewall rule
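
As an added example (not Feast's code, and not a description of how the actual bypass in this CVE works), the following Python shows why a string-prefix check on a joined path is an insufficient location restriction, and how to confine a caller-supplied document name to one directory, gate the write on authorization (the missing step that CWE-862 names), and bound its size. The function names, the `documents:write` role and the 1 MB cap are assumptions for illustration.

```python
"""Added example (not Feast's code): confining a caller-supplied document
name to one directory and requiring authorization before writing.
Function names, the 'documents:write' role and the size cap are assumptions."""
import json
import os
import shutil
import tempfile

MAX_DOCUMENT_BYTES = 1_000_000  # hypothetical cap against disk exhaustion


def naive_is_inside(base_dir: str, user_path: str) -> bool:
    """Flawed containment check: a string-prefix test on the joined path.
    '/srv/docs/../etc/x' starts with '/srv/docs', so traversal passes;
    a sibling directory such as '/srv/docs2' passes for the same reason."""
    candidate = os.path.join(base_dir, user_path)
    return candidate.startswith(base_dir)


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Hardened containment check: canonicalise (symlinks, '..', absolute
    components) and require the result to lie strictly under base_dir.
    Returns the resolved path or raises ValueError."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares path components, not string prefixes
    if os.path.commonpath([base, target]) != base or target == base:
        raise ValueError(f"path escapes document directory: {user_path!r}")
    if not target.endswith(".json"):
        raise ValueError("only .json documents may be written")
    return target


def save_document(base_dir: str, user_path: str, payload, principal) -> str:
    """Hypothetical handler: authorization first, then path confinement,
    then a size-bounded write."""
    if principal is None or "documents:write" not in principal.get("roles", ()):
        raise PermissionError("caller is not authorized to write documents")
    target = resolve_inside(base_dir, user_path)
    data = json.dumps(payload)
    if len(data.encode("utf-8")) > MAX_DOCUMENT_BYTES:
        raise ValueError("document exceeds size limit")
    with open(target, "w", encoding="utf-8") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Exercises both checks against a throwaway directory and returns
    the outcomes so they can be inspected or asserted on."""
    base = tempfile.mkdtemp()
    out = {}
    out["naive_accepts_traversal"] = naive_is_inside(base, "../escaped.json")
    for key, path in (("hardened_accepts_traversal", "../escaped.json"),
                      ("hardened_accepts_absolute", "/etc/cron.d/job.json")):
        try:
            resolve_inside(base, path)
            out[key] = True
        except ValueError:
            out[key] = False
    writer = {"user": "feature-svc", "roles": ["documents:write"]}
    written = save_document(base, "doc1.json", {"feature": 1}, writer)
    out["written_inside"] = os.path.dirname(written) == os.path.realpath(base)
    try:
        save_document(base, "doc2.json", {"feature": 2}, None)
        out["unauthenticated_rejected"] = False
    except PermissionError:
        out["unauthenticated_rejected"] = True
    shutil.rmtree(base)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The authorization check runs before the path is even examined, so an unauthenticated request never reaches the filesystem; the containment check uses os.path.realpath plus os.path.commonpath rather than startswith, which is what closes the traversal and sibling-directory cases the naive version accepts.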

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 10:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Redhat; Redhat openshift Ai
Vendors & Products  |                | Redhat; Redhat openshift Ai

Sat, 21 Mar 2026 05:30:00 +0000

Type        | Values Removed        | Values Added
Description |                       | A vulnerability has been identified in the Feast Feature Server's `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.
Title       |                       | feast: Unauthenticated Arbitrary File Write
Weaknesses  |                       | CWE-862
References  |                       |
Metrics     | threat_severity: None | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}; threat_severity: Critical


MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Critical

Public Date: 2026-03-20T00:00:00Z

Links: CVE-2026-23537 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-24T10:35:10Z

Weaknesses