Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | feast: Resource exhaustion via WebSocket endpoint | Feast: resource exhaustion via websocket endpoint |
| CPEs | cpe:/a:redhat:openshift_ai | |
| References |
|
Tue, 24 Mar 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat
Redhat openshift Ai |
|
| Vendors & Products |
Redhat
Redhat openshift Ai |
Sat, 21 Mar 2026 05:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users. | |
| Title | feast: Resource exhaustion via WebSocket endpoint | |
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-16T13:58:04.495Z
Reserved: 2026-01-13T19:53:18.502Z
Link: CVE-2026-23538
No data.
No data.
OpenCVE Enrichment
Updated: 2026-03-24T10:35:09Z