CVE-2026-23536 is a path traversal vulnerability identified in the Feast Feature Server's /read-document endpoint within Red Hat OpenShift AI (RHOAI). The vulnerability arises due to improper limitation of pathname inputs, allowing an attacker to craft HTTP POST requests that circumvent directory restrictions. This flaw enables unauthenticated remote attackers to read arbitrary files accessible by the server process, including sensitive system files, application configuration files, and credentials. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network, increasing its risk profile. The flaw does not impact integrity or availability but poses a significant confidentiality risk. The CVSS 3.1 vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high confidentiality impact. No patches or exploits in the wild have been reported at the time of disclosure, but the vulnerability is publicly known and documented. This vulnerability affects Red Hat's OpenShift AI platform, which is used for AI and machine learning workloads in containerized environments, making it a critical concern for organizations leveraging this technology.

The primary impact of CVE-2026-23536 is unauthorized disclosure of sensitive information. Attackers exploiting this vulnerability can access critical files such as system configuration files, secrets, credentials, and potentially proprietary data stored on the server. This can lead to further compromise, including lateral movement within the network, privilege escalation, or data exfiltration. Organizations using Red Hat OpenShift AI for AI/ML workloads in production environments face risks of intellectual property theft, exposure of confidential business data, and potential regulatory compliance violations due to data breaches. The vulnerability's ease of exploitation without authentication or user interaction increases the likelihood of automated attacks and scanning by threat actors. Although integrity and availability are not directly impacted, the confidentiality breach alone can have severe operational and reputational consequences. The lack of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation.

To mitigate CVE-2026-23536, organizations should first apply any official patches or updates released by Red Hat for OpenShift AI and the Feast Feature Server component as soon as they become available. In the absence of patches, implement strict network segmentation and firewall rules to restrict access to the /read-document endpoint only to trusted internal users or systems. Employ web application firewalls (WAFs) with custom rules to detect and block path traversal patterns in HTTP POST requests targeting this endpoint. Conduct thorough code reviews and input validation enhancements to enforce proper pathname restrictions and sanitize user inputs rigorously. Monitor logs and network traffic for unusual access patterns or attempts to access sensitive files via this endpoint. Limit the privileges of the server process running Feast Feature Server to the minimum necessary, reducing the scope of accessible files. Additionally, consider deploying runtime application self-protection (RASP) solutions to detect and prevent exploitation attempts in real time. Finally, educate security teams and developers about this vulnerability to ensure rapid response and awareness.