{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40525", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-13T20:29:02.810Z", "datePublished": "2026-04-17T18:19:12.315Z", "dateUpdated": "2026-04-21T13:34:32.327Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-21T13:34:32.327Z"}, "title": "OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-636", "description": "CWE-636 Not Failing Securely ('Fail Open')", "type": "CWE"}]}], "affected": [{"vendor": "volcengine", "product": "OpenViking", "repo": "https://github.com/volcengine/OpenViking", "versions": [{"status": "affected", "version": "0", "lessThan": "0.3.9", "versionType": "semver"}, {"status": "unaffected", "version": "c7bb1676f4d037609f041bf39e4e2bd52e8f9820", "versionType": "git"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "OpenViking prior to version 0.3.9\u00a0contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "OpenViking prior to version 0.3.9&nbsp;contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.<br>"}]}], "references": [{"url": "https://github.com/volcengine/OpenViking/releases/tag/v0.3.9", "tags": ["release-notes"]}, {"url": "https://github.com/volcengine/OpenViking/pull/1447", "tags": ["issue-tracking"]}, {"url": "https://github.com/volcengine/OpenViking/commit/c7bb1676f4d037609f041bf39e4e2bd52e8f9820", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "credits": [{"lang": "en", "value": "Chia Min Jun Lennon", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T13:37:40.440711Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:46:08.774Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T13:37:40.440711Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:45:05.750Z"}}], "cna": {"title": "OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Chia Min Jun Lennon"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/volcengine/OpenViking", "vendor": "volcengine", "product": "OpenViking", "versions": [{"status": "affected", "version": "0", "lessThan": "0.3.9", "versionType": "semver"}, {"status": "unaffected", "version": "c7bb1676f4d037609f041bf39e4e2bd52e8f9820", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/volcengine/OpenViking/releases/tag/v0.3.9", "tags": ["release-notes"]}, {"url": "https://github.com/volcengine/OpenViking/pull/1447", "tags": ["issue-tracking"]}, {"url": "https://github.com/volcengine/OpenViking/commit/c7bb1676f4d037609f041bf39e4e2bd52e8f9820", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "OpenViking prior to version 0.3.9\u00a0contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.", "supportingMedia": [{"type": "text/html", "value": "OpenViking prior to version 0.3.9&nbsp;contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-636", "description": "CWE-636 Not Failing Securely ('Fail Open')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-21T13:34:32.327Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40525", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:34:32.327Z", "dateReserved": "2026-04-13T20:29:02.810Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-17T18:19:12.315Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:volcengine:openviking:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CA71189-E366-4E88-B579-C76516A43FF3", "versionEndExcluding": "0.3.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenViking prior to version 0.3.9\u00a0contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot."}], "id": "CVE-2026-40525", "lastModified": "2026-05-05T18:06:02.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-17T19:16:39.017", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Patch"], "url": "https://github.com/volcengine/OpenViking/commit/c7bb1676f4d037609f041bf39e4e2bd52e8f9820"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/volcengine/OpenViking/pull/1447"}, {"source": "disclosure@vulncheck.com", "tags": ["Release Notes"], "url": "https://github.com/volcengine/OpenViking/releases/tag/v0.3.9"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-636"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.3.8]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "c7bb1676f4d037609f041bf39e4e2bd52e8f9820"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenViking", "source": "cna", "vendor": "volcengine"}, "product": "openviking", "vendor": "volcengine"}], "analysis": {"en": {"generated_at": "2026-04-22T03:34:00.914749+00:00", "value": {"mitigation_remediation": ["Upgrade OpenViking to a version that includes the commit c7bb1676 which enforces the api_key presence", "Configure a non\u2011empty api_key value in the OpenViking settings to enable authentication enforcement", "Restrict network access to the VikingBot OpenAPI endpoints using firewall rules or network segmentation"], "summary": {"action": "Patch", "impact": "Remote Authentication Bypass allowing unauthorized bot control"}, "threat_synthesis": {"affected_systems": "The vulnerability affects OpenViking deployments by Volcengine that use any version released before the commit c7bb1676. The exposed HTTP routes of the VikingBot OpenAPI allow unrestricted access to bot functionalities and any downstream tools, integrations, secrets, or data the bot can reach.", "description_and_impact": "OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. This absence of authentication corresponds to CWE\u2011636 and permits any user to invoke privileged bot\u2011control functionality without supplying a valid X\u2011API\u2011Key header, including submitting attacker\u2011controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.", "risk_and_exploitability": "The CVSS score of 9.1 indicates high severity. The EPSS score of 0.00109 (approximately 0.109%) indicates an extremely low probability of exploitation, but the absence of a blocking check makes exploitation straightforward for attackers with network reach to the exposed service. Because the vulnerability is not listed in the CISA KEV catalog and no known exploits are publicly disclosed yet, the likelihood of immediate exploitation is uncertain, yet the potential impact of unauthorized bot actions remains high. Attackers would likely target the open route via standard HTTP requests, bypassing authentication entirely."}}}}, "created": "2026-04-17T20:00:08.718928+00:00", "updated": "2026-04-22T03:45:06.970408+00:00", "vendors": ["volcengine", "volcengine$PRODUCT$openviking"]}