No advisories yet.
Solution
No solution given by the vendor.
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Thu, 16 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | feast: Resource exhaustion via WebSocket endpoint | Feast: resource exhaustion via websocket endpoint |
| CPEs | cpe:/a:redhat:openshift_ai | |
| References |
|
Tue, 24 Mar 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat
Redhat openshift Ai |
|
| Vendors & Products |
Redhat
Redhat openshift Ai |
Sat, 21 Mar 2026 05:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users. | |
| Title | feast: Resource exhaustion via WebSocket endpoint | |
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-16T13:58:04.495Z
Reserved: 2026-01-13T19:53:18.502Z
Link: CVE-2026-23538
Updated: 2026-07-16T12:04:34.222Z
No data.
OpenCVE Enrichment
Updated: 2026-03-24T10:35:09Z