Feast Feature Server Unauthenticated Arbitrary File Read Vulnerability

Vulnerability

A vulnerability exists in the Feast Feature Server's `/read-document` endpoint, allowing unauthenticated remote attackers to read any file accessible to the server process. By sending a specially crafted HTTP POST request, attackers can bypass access restrictions and potentially retrieve sensitive system files, application configurations, and credentials. This vulnerability affects Feast Feature Server versions through 0.58.0.

Impact

Exploitation of this vulnerability could lead to unauthorized reading of files, including sensitive data such as system files, application configurations, and credentials.

Added: Mar 20, 2026, 10:24 PM

Updated: Mar 20, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Feast Feature Server Unauthenticated Arbitrary File Read Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating