{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/red-hat-openshift-ai/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-23538"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Feast Feature Server (\u003c= 0.58.0)","Red Hat OpenShift AI"],"_cs_severities":["low"],"_cs_tags":["denial-of-service","vulnerability","websocket","resource-exhaustion","feast-feature-server"],"_cs_type":"advisory","_cs_vendors":["Feast","Red Hat"],"content_html":"\u003cp\u003eA critical vulnerability, identified as CVE-2026-23538, has been discovered in the Feast Feature Server's \u003ccode\u003e/ws/chat\u003c/code\u003e endpoint. This flaw allows remote, unauthenticated attackers to establish a high volume of persistent WebSocket connections. By repeatedly exploiting this unauthenticated access, attackers can exhaust vital server resources, including memory, CPU, and file descriptors. This resource depletion can lead to a complete denial of service (DoS) for legitimate users attempting to access the Feast Feature Server. The vulnerability affects Feast Feature Server versions prior to 0.59.0 and is categorized as a resource exhaustion issue (CWE-770). Red Hat has acknowledged this vulnerability, indicating its potential impact on deployments leveraging Red Hat OpenShift AI (RHOAI) which may include affected Feast components. This issue poses a significant threat to the availability and stability of services relying on vulnerable Feast Feature Server instances.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a publicly accessible instance of the Feast Feature Server running a vulnerable version (prior to 0.59.0).\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a large number of unauthenticated WebSocket handshake requests targeting the \u003ccode\u003e/ws/chat\u003c/code\u003e endpoint on the vulnerable server.\u003c/li\u003e\n\u003cli\u003eThe Feast Feature Server, due to the vulnerability, establishes and maintains these persistent WebSocket connections without requiring any form of authentication.\u003c/li\u003e\n\u003cli\u003eThe continuous establishment and maintenance of numerous unauthenticated connections rapidly consume the server's available resources, such as memory and CPU cycles.\u003c/li\u003e\n\u003cli\u003eThe server also exhausts its capacity for file descriptors, which are required for each open connection.\u003c/li\u003e\n\u003cli\u003eAs critical resources become depleted, the Feast Feature Server becomes unresponsive to legitimate requests, resulting in a complete denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-23538 leads to a complete denial of service for the Feast Feature Server. This means legitimate users will be unable to access feature data, disrupting critical applications and services that rely on the server. The attack exhausts server resources such as memory, CPU, and file descriptors, rendering the server inoperable. While no specific victim numbers or targeted sectors are detailed in the advisory, any organization utilizing vulnerable versions of the Feast Feature Server, especially those integrated into platforms like Red Hat OpenShift AI, is at risk of severe operational disruption and potential data pipeline failures.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-23538 immediately by upgrading Feast Feature Server to version 0.59.0 or later to mitigate the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect Unauthenticated WebSocket Connection Attempts to Feast Feature Server '/ws/chat' Endpoint\u0026quot; to your SIEM and investigate any alerts, especially in conjunction with unusually high connection rates or resource utilization on Feast servers.\u003c/li\u003e\n\u003cli\u003eImplement network-level rate limiting or connection throttling for ingress traffic targeting the Feast Feature Server's \u003ccode\u003e/ws/chat\u003c/code\u003e endpoint to prevent resource exhaustion attacks.\u003c/li\u003e\n\u003cli\u003eMonitor \u003ccode\u003ewebserver\u003c/code\u003e logs for a high volume of connections to \u003ccode\u003e/ws/chat\u003c/code\u003e from single or multiple IP addresses, particularly without expected authentication headers.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-16T01:18:43Z","date_published":"2026-07-16T01:18:43Z","id":"https://feed.craftedsignal.io/briefs/2026-07-feast-feature-server-dos/","summary":"A vulnerability (CVE-2026-23538) exists in the Feast Feature Server's /ws/chat endpoint, allowing remote attackers to establish numerous unauthenticated, persistent WebSocket connections. This exploit, a form of resource exhaustion (CWE-770), consumes server resources like memory, CPU, and file descriptors, leading to a complete denial of service for legitimate users. Affected versions are those prior to 0.59.0.","title":"Feast Feature Server Denial of Service via Unauthenticated WebSocket Connections (CVE-2026-23538)","url":"https://feed.craftedsignal.io/briefs/2026-07-feast-feature-server-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Red Hat OpenShift AI","version":"https://jsonfeed.org/version/1.1"}