Skip to content
Verified reproduction

CVE-2026-23537: Feast Feature Server unauthenticated arbitrary file write to RCE

CVE-2026-23537 is verified against feast-dev/feast · github affected versions: feast < 0.60.0 (the /save-document endpoint was introduced in v0.59.0 via PR #5865, commit 2081b55de32b830b4fb64e93b6d88cdfaeff2378) fixed version: 0.60.0 vulnerability class: RCE This critical reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00244.

REPRO-2026-00244 feast-dev/feast · github RCE Variant found Jul 6, 2026 .txt
Severity CRITICAL
Confidence HIGH
Reproduced in 37m 2s
Tool calls 320
Spend $9.52
Affected feast < 0.60.0 (the /save-document endpoint was introduced in v0.59.0 via PR #5865, commit 2081b55de32b830b4fb64e93b6d88cdfaeff2378)
Fixed in 0.60.0
$ pruva-verify REPRO-2026-00244
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00244/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

Feast Feature Server's /save-document endpoint allows unauthenticated remote attackers to write arbitrary JSON files to the server's filesystem. While the system attempts to restrict file locations, the restriction can be bypassed, enabling arbitrary file writes that can lead to remote code execution by overwriting configuration, code, or data files. Reproduce: run Feast Feature Server from a vulnerable version, send an unauthenticated POST to /save-document with a crafted path that bypasses the location restriction, and confirm the file is written on the server. Then leverage the write to execute code.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/logs/rce_processor.log0.6 KB
bundle/artifact_promotion_manifest.json21.5 KB
bundle/vuln_variant/source_identity.json1.5 KB
bundle/vuln_variant/root_cause_equivalence.json1.3 KB
bundle/repro/reproduction_steps.sh24.8 KB
bundle/repro/rca_report.md10.5 KB
bundle/repro/validation_verdict.json1.2 KB
bundle/repro/runtime_manifest.json2.3 KB
bundle/logs/reproduction_steps.log6.8 KB
bundle/logs/vuln_attempt1_consumer.log1.7 KB
bundle/logs/vuln_attempt2_consumer.log1.7 KB
bundle/logs/vuln_attempt1_writer.log1.2 KB
bundle/logs/vuln_attempt2_writer.log1.2 KB
bundle/logs/fixed_attempt1_writer.log1.2 KB
bundle/logs/fixed_attempt1_consumer.log1.1 KB
bundle/logs/fixed_attempt2_writer.log1.2 KB
bundle/logs/fixed_attempt2_consumer.log1.1 KB
bundle/logs/vuln_dotdot_writer.log0.9 KB
bundle/vuln_variant/reproduction_steps.sh21.0 KB
bundle/vuln_variant/rca_report.md11.7 KB
bundle/vuln_variant/patch_analysis.md7.2 KB
bundle/vuln_variant/variant_manifest.json4.3 KB
bundle/vuln_variant/validation_verdict.json2.4 KB
bundle/vuln_variant/runtime_manifest.json1.6 KB
bundle/logs/vuln_variant/reproduction_steps.log2.7 KB
bundle/logs/vuln_variant/vuln_ui_writer.log1.5 KB
bundle/logs/vuln_variant/vuln_feature_consumer.log1.8 KB
bundle/vuln_variant/artifacts/ui_variant_rce_marker.vulnerable.txt0.2 KB
bundle/logs/vuln_variant/fixed_ui_writer.log1.5 KB
bundle/logs/vuln_variant/latest_version.txt0.1 KB
bundle/vuln_variant/artifacts/http/vuln_ui_save_request.json1.1 KB
bundle/vuln_variant/artifacts/http/vuln_ui_save_response.json0.2 KB
bundle/vuln_variant/artifacts/http/fixed_ui_save_status.txt0.0 KB
bundle/vuln_variant/artifacts/http/fixed_ui_save_response.txt0.0 KB
bundle/vuln_variant/artifacts/feature_repo_ui/ui_variant_static_artifacts-labels.json.vuln1.0 KB