CVE-2026-22207 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT pr…
Critical CVSS: 9.3

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrative functions including account management, resource operations, and system configuration.
Vendor
-
Product
-
CWE
CWE-306
Yayın Tarihi
2026-02-26 21:28:52
Güncelleme
2026-04-07 18:16:38
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-306 CRITICAL 2026

Referanslar

https://github.com/volcengine/OpenViking/commit/0251c7045b3f8092c4d2e1565115b1ba23db282f https://github.com/volcengine/OpenViking/issues/302 https://github.com/volcengine/OpenViking/pull/310 https://www.vulncheck.com/advisories/openviking-missing-root-api-key-allows-anonymous-root-access https://github.com/volcengine/OpenViking/issues/302