Skip to main content

Openviking CVE-2026-40525

| EUVDEUVD-2026-23464 CRITICAL
Not Failing Securely ('Failing Open') (CWE-636)
2026-04-17 VulnCheck GHSA-jgq2-vq69-gr6h
9.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.1 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Apr 21, 2026 - 14:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 17, 2026 - 19:22 vuln.today
cvss_changed
Analysis Generated
Apr 17, 2026 - 19:01 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 18:45 euvd
EUVD-2026-23464
Analysis Generated
Apr 17, 2026 - 18:45 vuln.today
Patch released
Apr 17, 2026 - 18:45 nvd
Patch available
CVE Published
Apr 17, 2026 - 18:19 nvd
CRITICAL 9.1

DescriptionCVE.org

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.

AnalysisAI

OpenViking VikingBot OpenAPI routes permit unauthenticated remote attackers to execute privileged bot-control operations when the api_key configuration is unset or empty. Attackers can submit arbitrary prompts, manipulate bot sessions, and access downstream integrations, secrets, and data without providing valid X-API-Key authentication. Affects OpenViking versions ≤0.3.8; patched in commit c7bb167 (v0.3.9 release). No active exploitation confirmed (not in CISA KEV), but EPSS score of 0.11% suggests low observed exploitation probability. VulnCheck advisory and GitHub patch available.

Technical ContextAI

OpenViking is a Volcengine bot framework exposing HTTP OpenAPI routes for bot management and control. The vulnerability stems from CWE-636 (Not Failing Securely), where the authentication middleware fails open when the api_key configuration parameter is unset or empty string. Instead of denying access when authentication credentials are absent, the code permits requests through without validation. This is a classic example of a default-permit rather than default-deny security control. The CVSS v4.0 vector (AV:N/AC:L/AT:P/PR:N) indicates network-accessible exploitation with low complexity but present attack requirements (AT:P suggests configuration-dependent conditions). The affected component is specifically the VikingBot OpenAPI HTTP route handler, which manages bot session lifecycle, prompt submission, and integration access. CPE identifier cpe:2.3:a:volcengine:openviking confirms Volcengine as the vendor.

RemediationAI

Upgrade immediately to OpenViking v0.3.9 or later, which includes commit c7bb167 addressing the authentication bypass (https://github.com/volcengine/OpenViking/releases/tag/v0.3.9). For systems unable to upgrade immediately, implement these compensating controls: (1) Configure a strong api_key value in OpenViking configuration to force authentication check to execute properly - verify the configuration enforces X-API-Key header validation after setting this parameter. (2) Restrict network access to VikingBot OpenAPI HTTP endpoints using firewall rules or network segmentation, permitting only trusted management networks - this reduces attack surface but does not eliminate insider threat or lateral movement risk. (3) Deploy a reverse proxy with authentication enforcement (e.g., nginx with auth_request, API gateway with OAuth) in front of OpenViking endpoints - this adds defense-in-depth but introduces operational complexity and potential performance impact. Note that workarounds (2) and (3) do not fix the underlying fail-open logic and should be considered temporary measures only. Verify patch application by reviewing logs for authentication check behavior and testing that requests without X-API-Key headers are rejected. Audit existing bot configurations for unauthorized access during the vulnerability window.

Share

CVE-2026-40525 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy