Description
Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to embed a malicious serialized Python object with an arbitrary __reduce__ method to execute OS commands as the feast service account.
Published: 2026-06-24
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in Feast's handling of the user_defined_function.body field in an OnDemandFeatureView specification. The field is base64 decoded and directly deserialized using dill.loads() before any authorization verification, allowing an attacker to craft a malicious serialized Python object containing an arbitrary __reduce__ method. Successful exploitation results in arbitrary OS command execution under the feast service account, compromising confidentiality, integrity, and availability of all data processed by the registry server.

Affected Systems

Feast versions prior to 0.63.0 are affected. This includes all deployments of the feast registry server that expose the ApplyFeatureView gRPC endpoint, across all operating environments where an affected version is installed.

Risk and Exploitability

The CVSS score of 9.3 signifies critical severity. Although EPSS is not available, the lack of an authentication check and direct remote code execution capability imply a high likelihood of exploitation in environments where the gRPC interface is reachable from untrusted networks. The vulnerability is not listed in the CISA KEV catalog, but the attack surface remains significant for any publicly exposed Feast registry.

Generated by OpenCVE AI on June 24, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to feast 0.63.0 or later, which removes the unsafe deserialization path.
  • Prior to patching, block or restrict the ApplyFeatureView gRPC method so that only authenticated, authorized users can invoke it.
  • Apply network segmentation or firewall rules to limit external access to the Feast registry service until the update is complete.
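As an added defensive illustration (not Feast's code and not the project's fix), the following Python sketch shows the ordering that the Impact section and the actions above imply: authorize the caller before the user_defined_function.body is even base64-decoded, then statically triage the pickle stream with pickletools and load it with an unpickler that cannot import anything. ALLOWED, is_authorized, apply_feature_view and the two sample bodies are constructed stand-ins for the registry's real authorization table, handler and requests.

```python
import base64
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that let a pickle stream import names or invoke callables on load.
CALL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ",
                "NEWOBJ_EX", "REDUCE", "BUILD"}

# Constructed access-control table; stands in for the registry's real authz.
ALLOWED = {"mlops-admin": {"apply_feature_view"}}

# Constructed sample bodies: a data-only payload, and one whose type must be
# rebuilt through a callable (OrderedDict), which appears as REDUCE on load.
DATA_BODY = base64.b64encode(pickle.dumps({"feature": "x", "n": 2})).decode()
CALLABLE_BODY = base64.b64encode(pickle.dumps(OrderedDict(a=1))).decode()


def is_authorized(principal: str, action: str) -> bool:
    return action in ALLOWED.get(principal, set())


def risky_opcodes(raw: bytes) -> set[str]:
    """List import/call opcodes in a pickle stream without executing it."""
    return {op.name for op, _arg, _pos in pickletools.genops(raw)
            if op.name in CALL_OPCODES}


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only plain data can be rebuilt."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def apply_feature_view(principal: str, udf_body_b64: str) -> tuple:
    # 1. Authorize before the payload is decoded: the vulnerable path ran
    #    dill.loads() first and consulted the caller's rights afterwards.
    if not is_authorized(principal, "apply_feature_view"):
        return ("denied", None)
    raw = base64.b64decode(udf_body_b64)
    # 2. Static triage: a body that needs GLOBAL/REDUCE can run code on load.
    found = risky_opcodes(raw)
    if found:
        return ("rejected", sorted(found))
    # 3. Defense in depth: even a clean-looking stream gets a loader that
    #    cannot resolve any global, so an unexpected opcode cannot import.
    try:
        return ("ok", DataOnlyUnpickler(io.BytesIO(raw)).load())
    except pickle.UnpicklingError as exc:
        return ("rejected", [str(exc)])
```

A genuine dill-serialized function necessarily carries GLOBAL/REDUCE opcodes, so this triage models the data-only case and demonstrates the ordering, not a drop-in replacement for upgrading.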

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 21:00:00 +0000

  • First Time appeared (values added): Feast-dev; Feast-dev feast
  • Vendors & Products (values added): Feast-dev; Feast-dev feast

Wed, 24 Jun 2026 16:30:00 +0000

  • Metrics (values added): ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 24 Jun 2026 15:30:00 +0000

  • Description (values added): Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to embed a malicious serialized Python object with an arbitrary __reduce__ method to execute OS commands as the feast service account.
  • Title (values added): Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
  • Weaknesses (values added): CWE-502
  • References (values added): none
  • Metrics (values added): cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-24T16:03:10.790Z

Reserved: 2026-06-18T19:15:10.651Z

Link: CVE-2026-56121

Vulnrichment

Updated: 2026-06-24T16:03:06.729Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T20:40:43Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data