CVE-2026-23536 is a path traversal vulnerability identified in the Feast Feature Server's /read-document endpoint within Red Hat OpenShift AI (RHOAI). The flaw arises from improper limitation of pathname inputs, allowing an attacker to craft HTTP POST requests that bypass directory restrictions. This enables unauthenticated remote attackers to read any file accessible by the server process, including sensitive system files, application configuration files, and credentials. The vulnerability does not require any authentication or user interaction, increasing its exploitability. The CVSS 3.1 base score is 7.5, reflecting a high severity primarily due to the high confidentiality impact and network attack vector with low complexity. Although no exploits are currently known in the wild, the potential for information disclosure is significant. The vulnerability affects the Feast Feature Server component integrated into RHOAI, a platform used for AI workloads on OpenShift. The lack of patches at the time of reporting necessitates immediate mitigation steps. This vulnerability could be leveraged to gain sensitive information that might facilitate further attacks or lateral movement within affected environments.

The primary impact of CVE-2026-23536 is the unauthorized disclosure of sensitive information due to arbitrary file read capabilities. Attackers can access system files, configuration data, and credentials, potentially exposing secrets such as API keys, database passwords, or private keys. This can lead to further compromise, including privilege escalation, lateral movement, or disruption of AI workloads. Organizations relying on RHOAI for AI model deployment and management may face operational risks and data breaches. The vulnerability's ease of exploitation without authentication increases the risk of widespread attacks if exposed to untrusted networks. Confidentiality is severely impacted, while integrity and availability remain unaffected. The scope includes all deployments of the vulnerable Feast Feature Server in RHOAI environments, which are typically used in enterprise and cloud-native AI applications.

Until an official patch is released by Red Hat, organizations should implement the following mitigations: 1) Restrict network access to the Feast Feature Server /read-document endpoint by applying strict firewall rules or network policies limiting access to trusted internal hosts only. 2) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious path traversal patterns in HTTP POST requests targeting the vulnerable endpoint. 3) Monitor logs for unusual access patterns or attempts to read sensitive files via the /read-document endpoint. 4) Conduct thorough audits of exposed files and credentials to identify any potential leakage. 5) Follow Red Hat advisories closely and apply patches immediately upon availability. 6) Consider isolating the Feast Feature Server component in a hardened container or environment with minimal file system permissions to reduce the impact of exploitation. 7) Educate DevOps and security teams about this vulnerability to ensure rapid detection and response.