CVE-2026-23536

Description

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.

References

• https://access.redhat.com/security/cve/CVE-2026-23536
• https://bugzilla.redhat.com/show_bug.cgi?id=2429302