CVE-2026-23538
HIGH
NVD
CVSS Score
7.5
Severity
HIGH
Published
Jul 16, 2026
Vendor
unknown
Description
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.