CVE-2026-22207 — OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken…
Image via opengraph.githubassets.com
🚨 CVE-2026-22207 OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted.
fix(server): 未配置 root_api_key 时仅允许 localhost 绑定 · volcengine/OpenViking@0251c70
github.com
What This Means For You
- New vulnerability disclosed — verify if your stack is exposed.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-22207 | Auth Bypass | OpenViking through v0.1.18, affected component: access control, vulnerability: broken access control allowing unauthenticated ROOT privileges when root_api_key is omitted. |
| CVE-2026-22207 | Privilege Escalation | OpenViking through v0.1.18, affected component: access control, vulnerability: broken access control allowing unauthenticated ROOT privileges when root_api_key is omitted. |
| CVE-2026-22207 | Path Traversal | OpenViking through v0.1.18, affected component: access control, vulnerability: unauthenticated access to administrative functions including account management, resource operations, and system configuration via protected endpoints without authentication headers. |
🛠 Recommended Tools
🤖
SCW Elite Bot
Get IOC packs, detection rules & premium threat intel — pay with Telegram Stars ⭐
Open Bot →
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158324 |
| Published | April 07, 2026 at 21:26 UTC |
| Original Link | https://github.com/volcengine/OpenViking/commit/0251c7045... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Found this interesting? Follow us to stay ahead.
Share