- CVE: CVE-2026-23537
- CVSS: 9.1 (Critical · CVSSv3)
- Product: Feast Feature Server
- Affected: < 0.59.0
- Impact: Feast: unauthenticated arbitrary file write
- Status: No confirmed exploitation yet
- Patched in: 0.59.0
- EPSS: 0.6% (30-day)
- Action: Update to 0.59.0 now
A critical flaw in the Feast Feature Server carries a CVSS score of 9.1. The bug, tracked as CVE-2026-23537, sits in the /save-document endpoint. It lets an unauthenticated attacker write arbitrary JSON files to disk.
Why This Feast Feature Server Flaw Matters
Feast is a widely used open-source feature store for machine learning. Teams rely on it to serve data for model training and online inference. As a result, the server often sits near sensitive data pipelines.
The vulnerable endpoint needs no credentials. Therefore, any attacker with network access can reach it. That low bar makes exposed deployments a real concern.
How the Attack Works
In short, this is an unauthenticated arbitrary file write bug. The /save-document endpoint accepts document data over the network. Feast tries to limit where those files land. However, an attacker can bypass those path restrictions.
Once the checks fall, the attacker writes files to chosen paths. They can overwrite application configs or startup scripts. In turn, that opens the door to unauthorized changes, disk exhaustion, or remote code execution.
Exploitation Status
No public exploit code or in-the-wild abuse has been confirmed. Still, the low complexity and missing authentication call for a fast response.
Affected Versions
The flaw affects the Feast Feature Server through its /save-document endpoint. The advisory does not pin one fixed version here. So confirm the patched build before you update.
Patch and Mitigation
Upgrade Feast to the latest secure release as soon as the fix is confirmed. Meanwhile, block public access to the Feature Server. Restrict the endpoint to trusted networks, and add authentication at the proxy layer. You can track the fix on the official Red Hat advisory for this CVE.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.