What is CVE-2026-23536?

CVE-2026-23536 is a high-severity vulnerability in Red Hat Openshift Ai (Rhoai), classified under Path Traversal. CVSS score: 7.5/10. Published 2026-03-20.

How severe is CVE-2026-23536?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Red Hat Openshift Ai (Rhoai)

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (28.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Red Hat Openshift Ai (Rhoai)

Weakness classification (CWE)

CWE-22 — Path Traversal

References

access.redhat.com/security/cve/CVE-2026-23536 (vdb-entry, x_refsource_REDHAT)
RHBZ#2429302 (issue-tracking, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2026-23536?: CVE-2026-23536 is a high-severity vulnerability in Red Hat Openshift Ai (Rhoai), classified under Path Traversal. CVSS score: 7.5/10. Published 2026-03-20.
How severe is CVE-2026-23536?: High severity. CVSS v3 base score is 7.5 out of 10.