CVE-2026-28518 OpenViking .ovpack Import ZIP Slip Path Traversal

🗓️ 03 Mar 2026 14:36:13Reported by VulnCheckType

OpenViking 0.2.1 and earlier allow ZIP Slip in .ovpack import; fixed by commit 46b3e76.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-28518	3 Mar 202614:36	–	attackerkb
Circl	CVE-2026-28518	3 Mar 202615:26	–	circl
CNNVD	OpenViking 安全漏洞	3 Mar 202600:00	–	cnnvd
CVE	CVE-2026-28518	3 Mar 202614:36	–	cve
EUVD	EUVD-2026-9296	3 Mar 202614:36	–	euvd
Github Security Blog	OpenViking contains a Path Traversal vulnerability	3 Mar 202615:31	–	github
NVD	CVE-2026-28518	3 Mar 202615:16	–	nvd
OSV	GHSA-RPQR-J937-6QR9 OpenViking contains a Path Traversal vulnerability	3 Mar 202615:31	–	osv
Positive Technologies	PT-2026-22744	3 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-28518	4 Mar 202619:44	–	redhatcve

[
  {
    "vendor": "Volcengine",
    "product": "OpenViking",
    "repo": "https://github.com/volcengine/OpenViking",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "0.2.1",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "46b3e76e28b9b3eee73693720c9ec48820228b72",
        "versionType": "git"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/openviking-ovpack-import-zip-slip-path-traversal
github	www.github.com/volcengine/OpenViking/commit/46b3e76e28b9b3eee73693720c9ec48820228b72
github	www.github.com/volcengine/OpenViking/issues/342

25 May 2026 23:41Current

CVSS 3.17.8

CVSS 48.4

EPSS0.00015

CWE-22