← All reports

The OpenViking software has a critical authentication bypass vulnerability that allows remote attackers to exploit the system when the api_key configuration value is unset or empty.

CybersecurityApr 17, 2026score 0.272 posts · 0 replies across 2 instances
The thread discusses a critical vulnerability in the OpenViking software, specifically an authentication bypass issue that allows remote attackers to exploit the system when the api_key is unset or empty. This vulnerability has been reported with a high CVSS score and is relevant to cybersecurity and software security.

Claims

The OpenViking software has a critical authentication bypass vulnerability that allows remote attackers to exploit the system when the api_key configuration value is unset or empty.
Parent: CybersecurityEntity: OpenVikingImpact: negativeDate: Apr 17, 2026Target: The OpenViking software's security

Source posts

@[email protected]
🚨 EUVD-2026-23464 📊 Score: 9.1/10 (CVSS v3.1) 📦 Product: OpenViking, OpenViking 🏢 Vendor: Volcengine 📅 Updated: 2026-04-17 📝 OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attacker... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23464 #cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
@[email protected]
🔴 CVE-2026-40525 - Critical (9.1) OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40525/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
0 boosts · 0 favs · 0 replies · Apr 17, 2026
#cve#vulnerability#infosec#cybersecurity#security#tenda