A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
History

Thu, 16 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Title feast: Resource exhaustion via WebSocket endpoint Feast: resource exhaustion via websocket endpoint
CPEs cpe:/a:redhat:openshift_ai
References

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat openshift Ai
Vendors & Products Redhat
Redhat openshift Ai

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
Title feast: Resource exhaustion via WebSocket endpoint
Weaknesses CWE-770
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-16T13:58:04.495Z

Reserved: 2026-01-13T19:53:18.502Z

Link: CVE-2026-23538

cve-icon Vulnrichment

Updated: 2026-07-16T12:04:34.222Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-20T00:00:00Z

Links: CVE-2026-23538 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:35:09Z