CVE-2026-23538
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
16/07/2026
Última modificación:
16/07/2026
Descripción
*** Pendiente de traducción *** A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://access.redhat.com/security/cve/CVE-2026-23538
- https://bugzilla.redhat.com/show_bug.cgi?id=2429311
- https://github.com/red-hat-data-services/feast/pull/192
- https://access.redhat.com/security/cve/CVE-2026-23538
- https://bugzilla.redhat.com/show_bug.cgi?id=2429311
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23538.json



