Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vulncheck) · only source for this CVE.
CVSS VectorVendor: vulncheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers can bypass authentication checks and interact directly with the upstream bot backend through the OpenViking proxy without providing valid credentials.
AnalysisAI
OpenViking versions 0.2.5 through 0.2.13 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality via POST requests to /bot/v1/chat and /bot/v1/chat/stream endpoints, enabling direct interaction with the upstream bot backend without valid credentials. The vulnerability has a moderate CVSS score of 6.9 due to network accessibility and low confidentiality impact, with public fix availability as of version 0.2.14 reducing immediate risk for patched deployments.
Technical ContextAI
OpenViking is a bot proxy platform that intermediates requests to upstream bot backends. The vulnerability stems from CWE-306 (Missing Authentication Check), where the bot proxy router fails to validate authentication credentials on two critical API endpoints designed to handle chat interactions. The affected endpoints (POST /bot/v1/chat and POST /bot/v1/chat/stream) are intended to be protected but lack proper authentication gates, allowing any network-accessible attacker to bypass credential validation. This affects OpenViking versions 0.2.5 through 0.2.13 as identified in the GitHub release tag v0.2.14, which contains the upstream remediation via commit 27acda8d1701ff68423fbd6c902208e3c1ed9373 and pull request #996.
RemediationAI
Upgrade OpenViking to version 0.2.14 or later, which includes the authentication fix released via commit 27acda8d1701ff68423fbd6c902208e3c1ed9373 (merged in pull request #996). Organizations unable to upgrade immediately should implement network-level access controls to restrict access to the /bot/v1/chat and /bot/v1/chat/stream endpoints to trusted sources only, or disable the bot proxy endpoints if not required. Additional details are available in the vendor advisory at https://www.vulncheck.com/advisories/openviking-bot-proxy-endpoints-allow-unauthenticated-access.
More in Openviking
View allOpenViking VikingBot OpenAPI routes permit unauthenticated remote attackers to execute privileged bot-control operations
OpenViking 0.2.1 and earlier contain a path traversal vulnerability in .ovpack file imports that enables local attackers
OpenViking versions prior to 0.3.3 expose a missing authorization vulnerability in task polling endpoints that allows un
Insufficient data authenticity verification in volcengine OpenViking's Local VectorDB Primary-key Label Handler (version
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17905