<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Feast - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/feast/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 16 Jul 2026 01:18:43 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/feast/feed.xml" rel="self" type="application/rss+xml"/><item><title>Feast Feature Server Denial of Service via Unauthenticated WebSocket Connections (CVE-2026-23538)</title><link>https://feed.craftedsignal.io/briefs/2026-07-feast-feature-server-dos/</link><pubDate>Thu, 16 Jul 2026 01:18:43 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-feast-feature-server-dos/</guid><description>A vulnerability (CVE-2026-23538) exists in the Feast Feature Server's /ws/chat endpoint, allowing remote attackers to establish numerous unauthenticated, persistent WebSocket connections. This exploit, a form of resource exhaustion (CWE-770), consumes server resources like memory, CPU, and file descriptors, leading to a complete denial of service for legitimate users. Affected versions are those prior to 0.59.0.</description><content:encoded><![CDATA[<p>A critical vulnerability, identified as CVE-2026-23538, has been discovered in the Feast Feature Server's <code>/ws/chat</code> endpoint. This flaw allows remote, unauthenticated attackers to establish a high volume of persistent WebSocket connections. By repeatedly exploiting this unauthenticated access, attackers can exhaust vital server resources, including memory, CPU, and file descriptors. This resource depletion can lead to a complete denial of service (DoS) for legitimate users attempting to access the Feast Feature Server. The vulnerability affects Feast Feature Server versions prior to 0.59.0 and is categorized as a resource exhaustion issue (CWE-770). Red Hat has acknowledged this vulnerability, indicating its potential impact on deployments leveraging Red Hat OpenShift AI (RHOAI) which may include affected Feast components. This issue poses a significant threat to the availability and stability of services relying on vulnerable Feast Feature Server instances.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a publicly accessible instance of the Feast Feature Server running a vulnerable version (prior to 0.59.0).</li>
<li>The attacker initiates a large number of unauthenticated WebSocket handshake requests targeting the <code>/ws/chat</code> endpoint on the vulnerable server.</li>
<li>The Feast Feature Server, due to the vulnerability, establishes and maintains these persistent WebSocket connections without requiring any form of authentication.</li>
<li>The continuous establishment and maintenance of numerous unauthenticated connections rapidly consume the server's available resources, such as memory and CPU cycles.</li>
<li>The server also exhausts its capacity for file descriptors, which are required for each open connection.</li>
<li>As critical resources become depleted, the Feast Feature Server becomes unresponsive to legitimate requests, resulting in a complete denial of service.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-23538 leads to a complete denial of service for the Feast Feature Server. This means legitimate users will be unable to access feature data, disrupting critical applications and services that rely on the server. The attack exhausts server resources such as memory, CPU, and file descriptors, rendering the server inoperable. While no specific victim numbers or targeted sectors are detailed in the advisory, any organization utilizing vulnerable versions of the Feast Feature Server, especially those integrated into platforms like Red Hat OpenShift AI, is at risk of severe operational disruption and potential data pipeline failures.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-23538 immediately by upgrading Feast Feature Server to version 0.59.0 or later to mitigate the vulnerability.</li>
<li>Deploy the Sigma rule &quot;Detect Unauthenticated WebSocket Connection Attempts to Feast Feature Server '/ws/chat' Endpoint&quot; to your SIEM and investigate any alerts, especially in conjunction with unusually high connection rates or resource utilization on Feast servers.</li>
<li>Implement network-level rate limiting or connection throttling for ingress traffic targeting the Feast Feature Server's <code>/ws/chat</code> endpoint to prevent resource exhaustion attacks.</li>
<li>Monitor <code>webserver</code> logs for a high volume of connections to <code>/ws/chat</code> from single or multiple IP addresses, particularly without expected authentication headers.</li>
</ul>
]]></content:encoded><category domain="severity">low</category><category domain="type">advisory</category><category>denial-of-service</category><category>vulnerability</category><category>websocket</category><category>resource-exhaustion</category><category>feast-feature-server</category></item></channel></rss>