CVE-2026-23536

{"id": "CVE-2026-23536", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-20T22:16:27.087", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-23536", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429302", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de seguridad en el endpoint '/read-document' del Feast Feature Server que permite a un atacante remoto no autenticado leer cualquier archivo accesible para el proceso del servidor. Al enviar una solicitud HTTP POST especialmente dise\u00f1ada, un atacante puede eludir las restricciones de acceso previstas para recuperar potencialmente archivos de sistema sensibles, configuraciones de aplicaciones y credenciales."}], "lastModified": "2026-03-23T14:32:02.800", "sourceIdentifier": "secalert@redhat.com"}