External risk intelligence

Feast Unauthenticated Remote Code Execution via gRPC Deserialization

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-56121

The vulnerability exists in a Feast registry server component, which typically operates as an internal service for machine learning feature orchestration. While it uses gRPC and is network-reachable, these registry servers are generally deployed within private infrastructure or internal networks rather than being directly exposed to the public internet.

Deserialization

Halo Surface Signal: 3 out of 5 — possibly public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability in Feast, a technology used for managing machine learning features. The issue allows unauthenticated attackers to execute arbitrary operating system commands on the registry server. This could potentially lead to a compromise of the system where Feast is deployed.

  • Unauthenticated attackers can run commands on the server.
  • Critical vulnerability affects feature management systems.
  • Assess potential exposure and impact to your ML operations.

Attack Path

How an attacker could exploit the issue

An attacker can remotely execute code on a Feast registry server by sending a specially crafted gRPC request. This request targets the `user_defined_function.body` field, which is deserialized without proper authorization checks. By embedding a malicious Python object, an attacker can trick the server into running arbitrary operating system commands.

  • Unauthenticated network access required.
  • Crafted gRPC request triggers deserialization.
  • Remote code execution as the service account.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow unauthenticated attackers to execute arbitrary operating system commands on the Feast registry server. This is possible when the `user_defined_function.body` field in an `OnDemandFeatureView` spec is processed, as it is deserialized using `dill.loads()` without prior authorization checks, enabling the injection of malicious Python objects.

  • Feast service account commands.
  • Unauthenticated gRPC request with crafted payload.
  • Remote code execution on the server.

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical vulnerability in Feast's registry server's gRPC API could allow unauthenticated attackers to achieve remote code execution. The first practical step is for application owners and platform teams to identify all instances of the affected Feast version, confirm their network exposure and business criticality, and then work with security teams to prioritize remediation, potentially involving vendor coordination or temporary risk reduction measures if immediate patching isn't feasible.

  • Application owners should own the issue.
  • Verify network reachability and criticality.
  • Plan risk-based remediation.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Feast and why is it used?

Feast is an open-source feature store for machine learning. It helps data science and engineering teams orchestrate, manage, and serve data features consistently across training and production environments. By acting as a bridge between data sources and ML models, Feast ensures that the same feature definitions are used for training and inference, maintaining data integrity.

What does CWE-502 mean for CVE-2026-56121?

CWE-502 refers to 'Deserialization of Untrusted Data.' In the context of CVE-2026-56121, this means the software takes incoming data—specifically a base64-encoded string from a request—and reconstructs it into a complex Python object without first verifying who sent the data or what it contains. Because the system trusts this input implicitly, it unwittingly processes malicious instructions embedded within that object, leading to unauthorized code execution.

How is the CVE-2026-56121 vulnerability triggered?

The bug is triggered when an attacker sends a specifically crafted gRPC request to the Feast registry server. The process involves injecting a malicious serialized Python object into the user_defined_function.body field. Simply accessing the network where Feast resides is not enough; the request must specifically target the registry component's handling of OnDemandFeatureView specs. Normal, legitimate operations that do not involve this specific field or deserialization logic do not trigger the flaw.

Why should I care about my Feast deployment?

According to Halo Surface Signal, Feast registry servers typically function as internal orchestration components. While often tucked away in private infrastructure, they are still reachable via network requests. If your registry server is configured in a way that allows network communication, it could be reachable by an attacker who has gained a foothold inside your network, making it a critical path for potential system-level compromise.

How do I start responding to this Feast vulnerability?

Your first step is to locate all instances of Feast within your environment to determine which versions are in use. Once identified, evaluate the network accessibility of your registry servers—specifically focusing on those that accept gRPC traffic. Collaborate with your security and platform teams to prioritize these instances based on their business criticality and exposure, then establish a plan to upgrade to a patched version.

References