Back to overview

CVE-2026-23538

HIGH
7.5
CVSS 3.1
Description
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.

Metadata

CVE ID
CVE-2026-23538
State
PUBLISHED
Assigner
redhat
Reserved
2026-01-13 19:53 UTC
Published
2026-07-16 00:10 UTC
Last updated
2026-07-16 00:10 UTC
Primary CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Vendor / Product
Feast / Feast Feature Server
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products (15)
VendorProductPlatformVersions
Feast Feast Feature Server 0 < 0.59.0
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Red Hat Red Hat OpenShift AI (RHOAI)
Weakness (CWE)
CWESourceDescription
CWE-770 cna Allocation of Resources Without Limits or Throttling
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Back to overview