cvedb.io
CVE-2026-22207
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-02-26T21:28:52.570 · Last modified 2026-06-17T10:19:32.987

Summary

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrative functions including account management, resource operations, and system configuration.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.