A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
Metrics
Affected Vendors & Products
References
History
Thu, 16 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | feast: Resource exhaustion via WebSocket endpoint | Feast: resource exhaustion via websocket endpoint |
| CPEs | cpe:/a:redhat:openshift_ai | |
| References |
|
Tue, 24 Mar 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat
Redhat openshift Ai |
|
| Vendors & Products |
Redhat
Redhat openshift Ai |
Sat, 21 Mar 2026 05:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users. | |
| Title | feast: Resource exhaustion via WebSocket endpoint | |
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-16T13:58:04.495Z
Reserved: 2026-01-13T19:53:18.502Z
Link: CVE-2026-23538
Updated: 2026-07-16T12:04:34.222Z
No data.
OpenCVE Enrichment
Updated: 2026-03-24T10:35:09Z