CVE-2026-23538: Allocation of Resources Without Limits or Throttling in Feast Feast Feature Server
CVE-2026-23538 is a vulnerability in the Feast Feature Server's /ws/chat endpoint that allows unauthenticated remote attackers to open persistent WebSocket connections. This can lead to resource exhaustion on the server, causing denial of service for legitimate users. The vulnerability has a high severity rating with a CVSS score of 7.5. No patch or official remediation has been confirmed yet according to the available vendor advisory. The affected versions are not explicitly stated.
AI Analysis
Technical Summary
The Feast Feature Server exposes a vulnerability at its /ws/chat WebSocket endpoint that permits remote attackers to establish unlimited persistent connections without authentication. This lack of resource limits or throttling can exhaust server resources such as memory, CPU, and file descriptors, resulting in a denial of service condition. The CVSS 3.1 vector indicates the attack requires no privileges or user interaction and impacts availability only. No vendor-provided patch or remediation level is currently documented in the advisory from Red Hat.
Potential Impact
Successful exploitation allows attackers to cause a denial of service by exhausting server resources through numerous unauthenticated WebSocket connections. This impacts the availability of the Feast Feature Server for legitimate users. There is no indication of confidentiality or integrity impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or mitigation is documented, users should monitor the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-23538 for updates. Until a fix is available, consider implementing external rate limiting or connection throttling at network or proxy layers to mitigate resource exhaustion risks.
CVE-2026-23538: Allocation of Resources Without Limits or Throttling in Feast Feast Feature Server
Description
CVE-2026-23538 is a vulnerability in the Feast Feature Server's /ws/chat endpoint that allows unauthenticated remote attackers to open persistent WebSocket connections. This can lead to resource exhaustion on the server, causing denial of service for legitimate users. The vulnerability has a high severity rating with a CVSS score of 7.5. No patch or official remediation has been confirmed yet according to the available vendor advisory. The affected versions are not explicitly stated.
CVSS v3.1
Score 7.5high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Feast Feature Server exposes a vulnerability at its /ws/chat WebSocket endpoint that permits remote attackers to establish unlimited persistent connections without authentication. This lack of resource limits or throttling can exhaust server resources such as memory, CPU, and file descriptors, resulting in a denial of service condition. The CVSS 3.1 vector indicates the attack requires no privileges or user interaction and impacts availability only. No vendor-provided patch or remediation level is currently documented in the advisory from Red Hat.
Potential Impact
Successful exploitation allows attackers to cause a denial of service by exhausting server resources through numerous unauthenticated WebSocket connections. This impacts the availability of the Feast Feature Server for legitimate users. There is no indication of confidentiality or integrity impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or mitigation is documented, users should monitor the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-23538 for updates. Until a fix is available, consider implementing external rate limiting or connection throttling at network or proxy layers to mitigate resource exhaustion risks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-01-13T19:53:18.502Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-23538","vendor":"Red Hat"}]
Threat ID: 6a582dd568715ace43e6864a
Added to database: 07/16/2026, 01:03:17 UTC
Last enriched: 07/16/2026, 01:17:39 UTC
Last updated: 07/16/2026, 04:42:48 UTC
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.