Lucene search
K

61 matches found

Github Security Blog
Github Security Blog
added 2026/04/07 6:31 p.m.20 views

OpenViking contains a missing authorization vulnerability in the task polling endpoints

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/04/07 6:16 p.m.3 views

CVE-2026-22680

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS0.00384EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/07 5:8 p.m.2 views

CVE-2026-22680 OpenViking < 0.3.3 Missing Authorization via Task Polling

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:8 p.m.2 views

CVE-2026-22680

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/07 5:8 p.m.19 views

CVE-2026-22680 OpenViking < 0.3.3 Missing Authorization via Task Polling

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

6.9CVSS0.00384EPSS
Exploits1References4
CVE
CVE
added 2026/04/07 5:8 p.m.7 views

CVE-2026-22680

The vulnerability affects OpenViking prior to version 0.3.3, where the task polling endpoints (/api/v1/tasks and /api/v1/tasks/{task_id}) allow unauthenticated access. Root cause: missing authorization on task polling exposes background task metadata (task type, status, resource identifiers, arch...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

OpenViking 安全漏洞

OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Versions of OpenViking prior to 0.3.3 contained security vulnerabilities. These vulnerabilities stemmed from lack of authorization, which could allow unauthorized attackers to enumerate or...

6.9CVSS5.8AI score0.00384EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30929

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/task id routes witho...

6.9CVSS5.9AI score0.00384EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.3 views

CVE-2026-34999

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

6.9CVSS6AI score0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 3:31 p.m.3 views

EUVD-2026-17905

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

6.9CVSS6AI score0.00418EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/01 3:27 p.m.5 views

Missing Authentication for Critical Function

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the bot proxy router. An attacker can gain unauthorized access to protected bot proxy functionality by sending requests to the POST...

6.9CVSS5.8AI score0.00418EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 2:16 p.m.4 views

CVE-2026-34999

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

6.9CVSS0.00418EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/01 1:30 p.m.2 views

CVE-2026-34999 OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

6.9CVSS6AI score0.00418EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/01 1:30 p.m.31 views

CVE-2026-34999 OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

6.9CVSS0.00418EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 1:30 p.m.14 views

CVE-2026-34999

OpenViking 0.2.5, prior to 0.2.14, contains a missing authentication vulnerability in the bot proxy router that lets remote unauthenticated attackers access protected bot proxy functionality by sending requests to POST /bot/v1/chat and POST /bot/v1/chat/stream. Attackers can bypass authentication...

6.9CVSS6AI score0.00418EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

OpenViking 安全漏洞

OpenViking is an open-source artificial intelligence proxy context database developed by Volcengine. Versions of OpenViking prior to 0.2.14 contained security vulnerabilities. These vulnerabilities stemmed from a lack of authentication in the bot proxy router, allowing unauthorized attackers to...

6.9CVSS5.8AI score0.00418EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29523

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers...

6.9CVSS6AI score0.00418EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/04 7:44 p.m.7 views

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/03 3:31 p.m.3 views

Directory Traversal

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Directory Traversal through the import process when handling .ovpack files. An attacker can overwrite or create arbitrary files outside the intended directory by crafting malicious ZIP...

8.4CVSS6.2AI score0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 3:31 p.m.3 views

GHSA-RPQR-J937-6QR9 OpenViking contains a Path Traversal vulnerability

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References5
Rows per page
Query Builder