PatchSiren

feast-dev CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | feast-dev | CVE published 2026-01-01

CVE-2025-11157

CVE-2025-11157 is a high-severity remote code execution vulnerability in feast-dev/feast version 0.53.0. The vulnerability exists in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. An attacker can exploit this vulnerability by modifying YAML files to execute OS commands on the worker pod, potentially leading to cluster takeover, data poisoning, [truncated]