{}

{}

{}

{"acknowledgement": "This issue was discovered by Jitendra Yejare (Red Hat).", "bugzilla": {"description": "feast: Resource exhaustion via WebSocket endpoint", "id": "2429311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429311"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources\u2014such as memory, CPU, and file descriptors\u2014leading to a complete denial of service for legitimate users."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-23538", "package_state": [{"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-feature-server-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23538\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23538"], "statement": "This Important vulnerability in the Feast Feature Server, a component of Red Hat OpenShift AI, could allow an unauthenticated, remote attacker to establish numerous WebSocket connections. This can lead to resource exhaustion and a denial of service for legitimate users.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "openshift_ai", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-03-21T07:33:24.017564+00:00", "value": {"mitigation_remediation": ["Apply the latest Feast Feature Server patch once it is available.", "Configure infrastructure to limit concurrent WebSocket connections per client or IP, using firewall rules or load balancer policies.", "Require authentication for the /ws/chat endpoint or implement rate limiting to reduce connection churning.", "Monitor server resource metrics and set alerts for abnormal spikes in memory or CPU usage that may signal an ongoing attack."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The product affected is Feast Feature Server. No specific version information was provided, so any deployment that exposes the /ws/chat endpoint without authentication may be vulnerable.", "description_and_impact": "The flaw exists in Feast Feature Server\u2019s /ws/chat WebSocket endpoint, where authentication is not required. An attacker can open many long\u2011lived connections, consuming memory, CPU and file descriptor resources, and ultimately cause the server to become unresponsive to legitimate users. This is a classic resource exhaustion weakness, identified as CWE-770.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity risk. Although no exploit probability metric is available, the lack of authentication means the endpoint can be reached remotely with minimal prerequisites. The vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Given the ability to connect from any network source and the critical impact on availability, the likelihood of exploitation is significant."}}}}, "created": "2026-03-23T09:55:39.192193+00:00", "updated": "2026-03-24T10:35:09.231033+00:00", "vendors": ["redhat", "redhat$PRODUCT$openshift_ai"]}