Critical severity9.8NVD Advisory· Published Feb 26, 2026· Updated Apr 15, 2026
CVE-2026-22207
CVE-2026-22207
Description
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrative functions including account management, resource operations, and system configuration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=0.1.18
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.