{
  "variant_id": "CVE-2026-23537-feast-web-ui-save-document-alternate-entrypoint",
  "created_at": "2026-07-05T00:00:00Z",
  "variant_summary": "Feast Web UI exposed an unauthenticated /save-document endpoint that reached the same Path.resolve()+str.startswith(os.getcwd()) arbitrary JSON write sink as the Feature Server endpoint; vulnerable revisions allow the same write-to-static-artifacts RCE chain, but the tested fix removes this UI endpoint so it is not a bypass.",
  "relation": "newer_version_sibling",
  "origin_kind": "pruva_variant",
  "repository": "https://github.com/feast-dev/feast",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "be1b52227e1ade9a3be9836391ade45eb1a26909",
    "version": null,
    "ref": null,
    "display": "feast vulnerable commit be1b52227e1ade9a3be9836391ade45eb1a26909"
  },
  "variant_target": {
    "target_kind": "git_commit",
    "commit_sha": "be1b52227e1ade9a3be9836391ade45eb1a26909",
    "version": null,
    "ref": null,
    "display": "feast vulnerable commit be1b52227e1ade9a3be9836391ade45eb1a26909, Web UI /save-document alternate entrypoint"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "claimed_surface": "api_remote",
  "validated_surface": "api_remote",
  "required_entrypoint_kind": "http_endpoint",
  "required_entrypoint_detail": "POST /save-document on Feast Web UI server (sdk/python/feast/ui_server.py get_app.<locals>.save_document_endpoint)",
  "attacker_controlled_input": "Unauthenticated HTTP JSON body containing file_path and data fields sent to the Web UI /save-document endpoint.",
  "trigger_path": "POST /save-document on feast.ui_server -> SaveDocumentRequest(file_path,data) -> Path(file_path).resolve() -> naive str(file_path).startswith(os.getcwd()) check -> write <stem>-labels.json with json.dump(request.data) -> Feast Feature Server startup -> load_static_artifacts() imports feature_repo/static_artifacts.py -> deployment component consumes attacker-written JSON -> startup hook executes",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "evidence_scope": "production_path",
  "runtime_manifest_present": true,
  "end_to_end_target_reached": true,
  "inferred": false,
  "claim_block_reason": "Not a fixed-version bypass: commit 4018e7b0c39825a5647fb17fc5607d72fb4bc0ce removes the Web UI /save-document endpoint, and latest origin/master also lacks document endpoints.",
  "blocking_mitigation": "Removal of document endpoints from both sdk/python/feast/feature_server.py and sdk/python/feast/ui_server.py.",
  "file_path": "sdk/python/feast/ui_server.py",
  "line_start": 124,
  "line_end": 142,
  "secondary_anchors": [
    {
      "file_path": "sdk/python/feast/feature_server.py",
      "line_start": 174,
      "line_end": 216
    },
    {
      "file_path": "sdk/python/feast/feature_server.py",
      "line_start": 545,
      "line_end": 578
    },
    {
      "file_path": "sdk/python/feast/ui_server.py",
      "line_start": 15,
      "line_end": 17
    }
  ],
  "review_scope_paths": [
    "sdk/python/feast/ui_server.py",
    "sdk/python/feast/feature_server.py",
    "sdk/python/tests/unit/test_ui_server.py",
    "docs/getting-started/concepts/permission.md",
    "docs/reference/alpha-web-ui.md"
  ],
  "fixed_target": {
    "target_kind": "git_commit",
    "commit_sha": "4018e7b0c39825a5647fb17fc5607d72fb4bc0ce",
    "version": null,
    "ref": null,
    "display": "fixed commit 4018e7b0c39825a5647fb17fc5607d72fb4bc0ce"
  },
  "latest_observed_target": {
    "target_kind": "git_commit",
    "commit_sha": "f296d4ba14c5d512429219b2b7845673e0fe524d",
    "version": null,
    "ref": "origin/master",
    "display": "origin/master observed during variant run"
  },
  "artifact_refs": {
    "variant_manifest": "bundle/vuln_variant/variant_manifest.json",
    "validation_verdict": "bundle/vuln_variant/validation_verdict.json",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "repro_log": "bundle/logs/vuln_variant/reproduction_steps.log",
    "root_cause_equivalence": "bundle/vuln_variant/root_cause_equivalence.json",
    "source_identity": "bundle/vuln_variant/source_identity.json",
    "patch_analysis": "bundle/vuln_variant/patch_analysis.md",
    "reproducer": [
      "bundle/vuln_variant/reproduction_steps.sh"
    ]
  }
}
