Browse all 5 CVE security advisories affecting Volcengine. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Volcengine provides cloud infrastructure and services, including computing, storage, and database solutions for enterprises. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws. The platform maintains standard cloud security practices like encryption and access controls, though its growing attack surface increases exposure risks. With five CVEs currently recorded, these issues typically stem from misconfigurations and input validation failures. While no major public security incidents have been widely reported, the volume of CVEs suggests ongoing vigilance is required for organizations relying on Volcengine's services.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40525 | OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI — OpenVikingCWE-636 | 9.1 | Critical | 2026-04-17 |
| CVE-2026-22680 | OpenViking < 0.3.3 Missing Authorization via Task Polling — OpenVikingCWE-862 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-34999 | OpenViking 0.2.5 < 0.2.14 Bot Proxy Endpoints Allow Unauthenticated Access — OpenVikingCWE-306 | 5.3 | Medium | 2026-04-01 |
| CVE-2026-28518 | OpenViking .ovpack Import ZIP Slip Path Traversal — OpenVikingCWE-22 | 7.8 | High | 2026-03-03 |
| CVE-2026-22207 | OpenViking Missing root_api_key Allows Anonymous ROOT Access — OpenVikingCWE-306 | 9.8 | Critical | 2026-02-26 |
This page lists every published CVE security advisory associated with Volcengine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.