CVE-2026-40525 | volcengine OpenViking up to 0.3.8 Exposed Service api_key failing open

A vulnerability classified as critical has been found in volcengine OpenViking up to 0.3.8. This affects an unknown function of the component Exposed Service. The manipulation of the argument api_key leads to not failing securely.

This vulnerability is documented as CVE-2026-40525. The attack can be initiated remotely. There is not any exploit available.

To fix this issue, it is recommended to deploy a patch.VulDB Recent EntriesRead More