Every CVE whose affected-product data names Volcengine Openviking, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-40525 — CVSS 9.1 (critical): OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the…
CVE-2026-28518 — CVSS 7.8 (high): OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that…
CVE-2026-22680 — CVSS 5.3 (medium): OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized…
CVE-2026-34999 — CVSS 5.3 (medium): OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote…