CVE-2026-40525
- EPSS 0.11%
- Published 17.04.2026 18:19:12
- Last modified 17.04.2026 19:16:39
OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with net...
CVE-2026-22680
- EPSS 0.05%
- Published 07.04.2026 17:08:30
- Last modified 14.04.2026 16:16:31
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/...
CVE-2026-34999
- EPSS 0.06%
- Published 01.04.2026 13:30:30
- Last modified 07.04.2026 16:37:04
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and...
CVE-2026-28518
- EPSS 0.01%
- Published 03.03.2026 14:36:13
- Last modified 17.04.2026 21:19:50
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives...
CVE-2026-22207
- EPSS 0.3%
- Published 26.02.2026 20:34:30
- Last modified 15.04.2026 00:35:42
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to pr...