CVE-2026-23536: Jupyter — HIGH

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

Full CISO analysis pending enrichment.

What systems are affected?

Package	Ecosystem	Vulnerable Range	Patched
Jupyter	pip	—	No patch
13.2K OpenSSF 5.8 1.9K dependents Pushed 11d ago 68% patched ~19d to patch Full package profile →
Jupyter	pip	—	No patch
13.2K OpenSSF 5.8 1.9K dependents Pushed 11d ago 68% patched ~19d to patch Full package profile →
Jupyter	pip	—	No patch
13.2K OpenSSF 5.8 1.9K dependents Pushed 11d ago 68% patched ~19d to patch Full package profile →
Jupyter	pip	—	No patch
13.2K OpenSSF 5.8 1.9K dependents Pushed 11d ago 68% patched ~19d to patch Full package profile →
Jupyter	pip	—	No patch
13.2K OpenSSF 5.8 1.9K dependents Pushed 11d ago 68% patched ~19d to patch Full package profile →
Jupyter	pip	—	No patch
13.2K OpenSSF 5.8 1.9K dependents Pushed 11d ago 68% patched ~19d to patch Full package profile →
rhoai/odh-feature-server-rhel9	—	—	No patch
rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9	—	—	No patch
rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9	—	—	No patch
rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9	—	—	No patch
rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9	—	—	No patch
rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9	—	—	No patch
rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9	—	—	No patch
rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9	—	—	No patch

How severe is it?

CVSS 3.1

7.5 / 10

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

N/A

What is the attack surface?

AV Network

AC Low

PR None

UI None

S Unchanged

C High

I None

A None

What should I do?

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Which compliance frameworks are affected?

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-23536?

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.

Is CVE-2026-23536 actively exploited?

No confirmed active exploitation of CVE-2026-23536 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-23536?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-23536?

CVE-2026-23536 has a CVSS v3.1 base score of 7.5 (HIGH).

What are the technical details?

Original Advisory

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.

Weaknesses (CWE)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'): The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

[Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue." Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylis
[Architecture and Design] For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Source: MITRE CWE corpus.