All 5 CVE vulnerabilities found in OpenViking, with AI-generated Chinese analysis, references, and POCs.
Vendor: Volcengine
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40525 | OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI CWE-636 | 9.1 | Critical | 2026-04-17 |
| CVE-2026-22680 | OpenViking < 0.3.3 Missing Authorization via Task Polling CWE-862 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-34999 | OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access CWE-306 | 5.3 | Medium | 2026-04-01 |
| CVE-2026-28518 | OpenViking .ovpack Import ZIP Slip Path Traversal CWE-22 | 7.8 | High | 2026-03-03 |
| CVE-2026-22207 | OpenViking Missing root_api_key Allows Anonymous ROOT Access CWE-306 | 9.8 | Critical | 2026-02-26 |
All 5 known CVE vulnerabilities affecting OpenViking with full Chinese analysis, references, and POCs where available.