Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/{task_id} routes without authentication to expose task type, task status, resource identifiers, archive URIs, result payloads, and error information, potentially causing cross-tenant interference in multi-tenant deployments.
AnalysisAI
OpenViking versions prior to 0.3.3 expose a missing authorization vulnerability in task polling endpoints that allows unauthenticated remote attackers to enumerate and retrieve background task metadata created by other users, exposing task types, status, resource identifiers, archive URIs, result payloads, and error information. This vulnerability enables information disclosure with a CVSS score of 6.9 and carries particular risk in multi-tenant deployments where cross-tenant data leakage could occur. No public exploit code has been identified at the time of analysis, though the vulnerability requires only network access and no special attack complexity.
Technical ContextAI
OpenViking is a ByteDance Volcano Engine component (CPE: cpe:2.3:a:volcengine:openviking:*:*:*:*:*:*:*:*) that implements task polling functionality via REST API endpoints. The vulnerability stems from a missing authorization control (CWE-862: Missing Authorization) on the /api/v1/tasks and /api/v1/tasks/{task_id} routes, which should enforce authentication before returning task metadata. In multi-tenant architectures, these endpoints fail to validate whether the requesting user owns or has permission to access task objects before returning detailed information about task execution state, results, and associated resources. The CVSS vector confirms unauthenticated access (PR:N) with network reach (AV:N) and low attack complexity (AC:L), meaning the authorization check is entirely absent rather than weak.
RemediationAI
Vendor-released patch: OpenViking 0.3.3 and later. Upgrade immediately to version 0.3.3 or newer from the official GitHub repository (https://github.com/volcengine/OpenViking/releases/tag/v0.3.3). The upstream fix (commit 8c1c3f3608364ee0bb0e45f73478771a68aebdf5 and PR #1182) implements proper authorization checks on task polling endpoints to enforce authentication and ownership validation. Pending patch deployment, implement network-level access controls to restrict /api/v1/tasks and /api/v1/tasks/{task_id} endpoint access to authenticated internal clients only; however, this is a temporary workaround and patching is required for full remediation. Consult VulnCheck advisory at https://www.vulncheck.com/advisories/openviking-missing-authorization-via-task-polling for additional context.
More in Openviking
View allOpenViking VikingBot OpenAPI routes permit unauthenticated remote attackers to execute privileged bot-control operations
OpenViking 0.2.1 and earlier contain a path traversal vulnerability in .ovpack file imports that enables local attackers
OpenViking versions 0.2.5 through 0.2.13 contain a missing authentication vulnerability in the bot proxy router that all
Insufficient data authenticity verification in volcengine OpenViking's Local VectorDB Primary-key Label Handler (version
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19744
GHSA-h336-2wxm-pr6q