CVE-2026-23537
CRITICAL
A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling...
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| Jupyter | pip | — | No patch |
| Feast Feature Server | — | — | No patch |
| rhoai/odh-feature-server-rhel9 | — | — | No patch |
| rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9 | — | — | No patch |
| rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9 | — | — | No patch |
| rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9 | — | — | No patch |
| rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9 | — | — | No patch |
| rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9 | — | — | No patch |
| rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9 | — | — | No patch |
| rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9 | — | — | No patch |
What should I do?
No patch available
Monitor vendor advisories for a fix. Until one ships, the compensating controls that follow from the advisory are: do not expose the Feast Feature Server to untrusted networks, and put an authenticating reverse proxy or network policy in front of it so that `/save-document` cannot be reached anonymously; run the server with a read-only root filesystem, or at least a non-writable configuration and startup-script directory, so that a bypassed path check cannot overwrite them; and bound the writable volume and alert on unexpected JSON files or sudden disk-usage growth on it.
Frequently Asked Questions
What is CVE-2026-23537?
A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.
Is CVE-2026-23537 actively exploited?
No confirmed active exploitation of CVE-2026-23537 has been reported. Because no patch is available yet, organizations should apply compensating controls now (network restriction, an authenticating proxy, a read-only filesystem) and update as soon as a fix is released.
How to fix CVE-2026-23537?
No patch is currently available. Monitor vendor advisories for updates.
What is the CVSS score for CVE-2026-23537?
CVE-2026-23537 has a CVSS v3.1 base score of 9.1 (CRITICAL).
What are the technical details?
Original Advisory
A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.
Weaknesses (CWE)
CWE-862 — Missing Authorization: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
- [Architecture and Design] Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries. Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
- [Architecture and Design] Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Source: MITRE CWE corpus.
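The advisory above describes a file-location restriction that can be bypassed on an endpoint that never checks who is calling, and the CWE-862 mitigations ask for an explicit authorization boundary. The following is an added illustrative Python example, not Feast's code and not the fix in the referenced pull request: it places a naive prefix check of the bypassable kind beside a hardened handler that authorizes first, confines the destination by judging the resolved path, and caps the payload so the endpoint cannot be used for disk exhaustion. The names `save_document`, `Principal`, the `document-writer` role and the 64 KiB cap are assumptions, and all inputs in `demo()` are constructed.

```python
"""Illustrative hardened document-save handler (added example; not Feast code).
Controls shown: (1) authorization before any filesystem access, (2) path
confinement decided on the canonical path, not the raw request string,
(3) a size cap against disk exhaustion. save_document, Principal, the
"document-writer" role and MAX_DOCUMENT_BYTES are assumptions."""
import json
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

MAX_DOCUMENT_BYTES = 64 * 1024  # assumed limit; tune per deployment


@dataclass
class Principal:
    """Caller identity as an auth middleware would hand it to the handler."""
    name: str
    roles: frozenset = field(default_factory=frozenset)


class SaveError(Exception):
    pass


def weak_target_path(doc_root: Path, name: str) -> Path:
    """A naive restriction of the kind the advisory says is bypassable: it
    compares the un-normalized string, so '../x.json' still 'starts with'
    the root and a symlink inside the root is never noticed. Contrast only."""
    candidate = doc_root / name
    if not str(candidate).startswith(str(doc_root)):
        raise SaveError("outside document root")
    return candidate


def safe_target_path(doc_root: Path, name: str) -> Path:
    """Confine the write to doc_root, judging the resolved path."""
    root = doc_root.resolve()
    # Only a single .json basename is acceptable: no separators, no dotfiles.
    if "/" in name or "\\" in name or name.startswith(".") or not name.endswith(".json"):
        raise SaveError(f"invalid document name: {name!r}")
    target = (root / name).resolve()  # collapses '..' and follows symlinks
    if target.parent != root:
        raise SaveError("target escapes document root")
    return target


def save_document(principal: Principal, doc_root: Path, name: str, document) -> Path:
    # 1. Authorization first (CWE-862): unauthenticated callers stop here.
    if "document-writer" not in principal.roles:
        raise PermissionError(f"{principal.name} may not save documents")
    # 2. Path confinement on the canonical path.
    target = safe_target_path(doc_root, name)
    # 3. Bound the write before it happens.
    payload = json.dumps(document, separators=(",", ":")).encode()
    if len(payload) > MAX_DOCUMENT_BYTES:
        raise SaveError("document too large")
    # Temp file in the same directory plus rename: a failed write never
    # leaves a half-written document where a config file used to be.
    fd, tmp = tempfile.mkstemp(dir=target.parent, prefix=".tmp-", suffix=".json")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
        os.replace(tmp, target)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return target


def _accepted(check, root: Path, name: str) -> bool:
    try:
        check(root, name)
        return True
    except SaveError:
        return False


def demo() -> dict:
    """Run both checks and the handler against constructed inputs; returns
    outcome name -> bool so the behaviour can be asserted on."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "documents"
        root.mkdir()
        (Path(d) / "startup.sh").write_text("#!/bin/sh\n")  # stand-in for a script outside the root
        out["weak_accepts_traversal"] = _accepted(weak_target_path, root, "../startup.json")
        out["safe_accepts_traversal"] = _accepted(safe_target_path, root, "../startup.json")
        # A symlink inside the root that points outside: only the resolved path catches it.
        (root / "link.json").symlink_to(Path(d) / "startup.sh")
        out["weak_accepts_symlink"] = _accepted(weak_target_path, root, "link.json")
        out["safe_accepts_symlink"] = _accepted(safe_target_path, root, "link.json")
        try:
            save_document(Principal("anonymous"), root, "features.json", {"a": 1})
            out["anon_can_write"] = True
        except PermissionError:
            out["anon_can_write"] = False
        writer = Principal("svc-ingest", frozenset({"document-writer"}))
        target = save_document(writer, root, "features.json", {"a": 1})
        out["written_inside_root"] = target.parent == root.resolve()
        out["roundtrip"] = json.loads(target.read_bytes()) == {"a": 1}
        try:
            save_document(writer, root, "big.json", {"pad": "x" * MAX_DOCUMENT_BYTES})
            out["oversize_rejected"] = False
        except SaveError:
            out["oversize_rejected"] = True
    return out
```

The order inside `save_document` is the point: the authorization check runs before the path is even computed, so an anonymous caller never exercises the confinement logic, and the confinement itself compares directory identity after `resolve()` rather than string prefixes, which is what turns `..` segments and in-root symlinks into rejections instead of bypasses.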
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References
- access.redhat.com/security/cve/CVE-2026-23537 (Red Hat CVE entry)
- bugzilla.redhat.com/show_bug.cgi (Red Hat Bugzilla issue tracker)
- github.com/red-hat-data-services/feast/pull/192
Related Vulnerabilities
- CVE-2023-25574 (10.0): JupyterHub LTI13: JWT forgery enables full auth bypass (same package: jupyter)
- CVE-2026-44180 (9.8): Jupyter Enterprise Gateway: root privilege bypass in Kubernetes (same package: jupyter)
- CVE-2026-44727 (9.0): jupyter-server: stored XSS yields kernel RCE (same package: jupyter)
- CVE-2026-42266 (8.8): JupyterLab: Extension allow-list bypass enables privesc (same package: jupyter)
- CVE-2026-42557 (8.8): JupyterLab: one-click RCE via notebook HTML cell output (same package: jupyter)