Volcengine Openviking
5 CVEs affecting Volcengine Openviking. Latest disclosed: 2026-04-17. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-22207 | Critical | 9.8 | 2026-02-26 | OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT p… |
CVE-2026-40525 | Critical | 9.1 | 2026-04-17 | OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fa… |
CVE-2026-28518 | High | 7.8 | 2026-03-03 | OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to wr… |
CVE-2026-22680 | Medium | 5.3 | 2026-04-07 | OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate… |
CVE-2026-34999 | Medium | 5.3 | 2026-04-01 | OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers t… |