Description
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
Published: 2026-07-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Title feast: Resource exhaustion via WebSocket endpoint Feast: resource exhaustion via websocket endpoint
CPEs cpe:/a:redhat:openshift_ai
References

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat openshift Ai
Vendors & Products Redhat
Redhat openshift Ai

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
Title feast: Resource exhaustion via WebSocket endpoint
Weaknesses CWE-770
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important


Subscriptions

Redhat Openshift Ai
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-16T13:58:04.495Z

Reserved: 2026-01-13T19:53:18.502Z

Link: CVE-2026-23538

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-20T00:00:00Z

Links: CVE-2026-23538 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:35:09Z

Weaknesses