CVE-2026-13507 volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity

🗓️ 28 Jun 2026 21:30:09Reported by VulDBType

CVE-2026-13507: volcengine OpenViking up to 0.3.21; str_to_uint64 bypasses data authenticity.

Reporter	Title	Published	Views	Family All 6
ATTACKERKB	CVE-2026-13507	28 Jun 202621:30	–	attackerkb
Circl	CVE-2026-13507	28 Jun 202621:56	–	circl
CVE	CVE-2026-13507	28 Jun 202621:30	–	cve
EUVD	EUVD-2026-40004	29 Jun 202600:31	–	euvd
NVD	CVE-2026-13507	28 Jun 202622:16	–	nvd
Positive Technologies	PT-2026-53163	28 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "volcengine",
    "product": "OpenViking",
    "versions": [
      {
        "version": "0.3.0",
        "status": "affected"
      },
      {
        "version": "0.3.1",
        "status": "affected"
      },
      {
        "version": "0.3.2",
        "status": "affected"
      },
      {
        "version": "0.3.3",
        "status": "affected"
      },
      {
        "version": "0.3.4",
        "status": "affected"
      },
      {
        "version": "0.3.5",
        "status": "affected"
      },
      {
        "version": "0.3.6",
        "status": "affected"
      },
      {
        "version": "0.3.7",
        "status": "affected"
      },
      {
        "version": "0.3.8",
        "status": "affected"
      },
      {
        "version": "0.3.9",
        "status": "affected"
      },
      {
        "version": "0.3.10",
        "status": "affected"
      },
      {
        "version": "0.3.11",
        "status": "affected"
      },
      {
        "version": "0.3.12",
        "status": "affected"
      },
      {
        "version": "0.3.13",
        "status": "affected"
      },
      {
        "version": "0.3.14",
        "status": "affected"
      },
      {
        "version": "0.3.15",
        "status": "affected"
      },
      {
        "version": "0.3.16",
        "status": "affected"
      },
      {
        "version": "0.3.17",
        "status": "affected"
      },
      {
        "version": "0.3.18",
        "status": "affected"
      },
      {
        "version": "0.3.19",
        "status": "affected"
      },
      {
        "version": "0.3.20",
        "status": "affected"
      },
      {
        "version": "0.3.21",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:volcengine:openviking:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Local VectorDB Primary-key Label Handler"
    ]
  }
]

Source	Link
github	www.github.com/volcengine/OpenViking/issues/2263
vuldb	www.vuldb.com/vuln/374515
vuldb	www.vuldb.com/submit/838791
github	www.github.com/volcengine/OpenViking/pull/2268
vuldb	www.vuldb.com/cve/CVE-2026-13507
github	www.github.com/volcengine/OpenViking/
vuldb	www.vuldb.com/vuln/374515/cti

28 Jun 2026 21:30Current

CVSS 42.3

CVSS 24.6

CVSS 3.15

CVSS 35

CWE-345