Lucene search
K

61 matches found

Github Security Blog
Github Security Blog
added 2026/03/03 3:31 p.m.8 views

OpenViking contains a Path Traversal vulnerability

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/03 3:16 p.m.12 views

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 2:36 p.m.4 views

CVE-2026-28518 OpenViking .ovpack Import ZIP Slip Path Traversal

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6.1AI score0.00181EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/03 2:36 p.m.4 views

CVE-2026-28518 OpenViking .ovpack Import ZIP Slip Path Traversal

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/03 2:36 p.m.7 views

EUVD-2026-9296

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 2:36 p.m.7 views

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References4
CVE
CVE
added 2026/03/03 2:36 p.m.16 views

CVE-2026-28518

OpenViking versions 0.2.1 and earlier are affected by a path traversal vulnerability in the .ovpack import handling. Malicious ZIP archives containing traversal sequences, absolute paths, or drive prefixes in member names can write files outside the intended import directory with the importing pr...

8.4CVSS6AI score0.00181EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/03 2:36 p.m.30 views

CVE-2026-28518 OpenViking .ovpack Import ZIP Slip Path Traversal

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.12 views

PT-2026-22744

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

8.4CVSS6AI score0.00181EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

OpenViking 安全漏洞

OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Versions of OpenViking prior to 0.2.1 contained security vulnerabilities. These vulnerabilities were due to path traversal issues during the .ovpack import process, which could allow attacke...

8.4CVSS5.8AI score0.00181EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.4 views

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.8CVSS6AI score0.0043EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/27 9:25 p.m.5 views

Missing Authentication for Critical Function

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the omission of the rootapikey configuration. An attacker can gain unauthorized ROOT-level access by sending requests to protected...

9.8CVSS5.8AI score0.0043EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/26 9:31 p.m.4 views

EUVD-2026-8885

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.3CVSS5.5AI score0.0043EPSS
Exploits0References5
NVD
NVD
added 2026/02/26 9:28 p.m.10 views

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.8CVSS0.0043EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/26 8:34 p.m.6 views

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.8CVSS5.8AI score0.0043EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/26 8:34 p.m.2 views

CVE-2026-22207 OpenViking Missing root_api_key Allows Anonymous ROOT Access

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.8CVSS6AI score0.0043EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 8:34 p.m.5 views

CVE-2026-22207 OpenViking Missing root_api_key Allows Anonymous ROOT Access

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.3CVSS6AI score0.0043EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/26 8:34 p.m.32 views

CVE-2026-22207 OpenViking Missing root_api_key Allows Anonymous ROOT Access

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

9.8CVSS0.0043EPSS
Exploits0References4
CVE
CVE
added 2026/02/26 8:34 p.m.13 views

CVE-2026-22207

OpenViking up to version 0.1.18 (pre-commit 0251c70) contains a broken access control flaw that lets unauthenticated attackers gain ROOT privileges when root_api_key is omitted. Attackers can reach protected endpoints without authentication headers to perform administrative actions including acco...

9.8CVSS5.5AI score0.0043EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

OpenViking 访问控制错误漏洞

OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Versions of OpenViking prior to 0.1.18 contained a security vulnerability related to access control. This vulnerability resulted from an attack on access control mechanisms, allowing...

9.8CVSS5.8AI score0.0043EPSS
Exploits0References4
Rows per page
Query Builder