CVE-2026-22207 — AI Deep Analysis Summary

🚨 **Essence**: OpenViking (Volcengine's AI agent context DB) has an **Access Control Error** (CWE-306).…

🛡️ **Root Cause**: **CWE-306** (Missing Authentication for Critical Function).…

📦 **Affected**: **Volcengine OpenViking**. <br>📅 **Versions**: **0.1.18 and earlier**. <br>⚠️ **Note**: Ensure you are not running legacy versions of this AI context database.

🕵️ **Attacker Actions**: <br>1. **Bypass Auth**: No API key needed if config is empty. <br>2. **Root Access**: Gain full **ROOT** privileges. <br>3. **Data Theft**: Full read/write access to AI agent context data.

📉 **Exploitation Threshold**: **LOW**. <br>🔓 **Auth**: None required (if config is omitted). <br>⚙️ **Config**: Only fails if `root_api_key` is **not set**. <br>🌐 **Network**: Remote (AV:N).

🧨 **Public Exploit**: **No PoC provided** in this data. <br>📉 **Wild Exploitation**: Unlikely to be widespread yet, but the logic flaw is trivial to exploit if the config condition is met.

🔍 **Self-Check**: <br>1. Check OpenViking version (≤ 0.1.18). <br>2. Inspect config: Is `root_api_key` **omitted/empty**? <br>3. Scan for missing auth on root endpoints.

✅ **Fixed**: **Yes**. <br>🔗 **Patch**: See PR #310 and Commit `0251c70`. <br>🛡️ **Action**: Upgrade to the patched version immediately.

🚧 **Workaround (No Patch)**: <br>1. **Set `root_api_key`**: Never leave it omitted. <br>2. **Network Isolation**: Block external access to OpenViking ports. <br>3. **WAF**: Filter requests to root API endpoints.

🔥 **Urgency**: **CRITICAL**. <br>🚨 **Priority**: **P0**. <br>📢 **Reason**: CVSS 9.8 (High). Root access via missing config is a severe risk for AI infrastructure. Patch NOW.