🔴 Critical | CVE-2026-23537 — A vulnerability has been identified in the Feast F...
🔴 Critical Security Vulnerability: CVE-2026-23537
CVSS Score: Critical (9.1) | Status: Awaiting Analysis | Published: 2026-07-01
Vulnerability Description
A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.
🔍 Technical Details
| Field | Value |
|---|---|
| CVE ID | CVE-2026-23537 |
| CVSS Score | 9.1 🔴 |
| Severity | Critical |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| CWE Classification | CWE-862 |
| Published | 2026-07-01 |
| Last Updated | 2026-07-01 |
| Status | Awaiting Analysis |
🔗 Reference Links
🤖 This article was automatically generated by the CVE Security Bulletin bot | Data source: NVD