Security Advisory

CVE-2026-34999

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-01 13:30:30

Last updated 2026-05-25 23:42:07

Assigner VulnCheck

State PUBLISHED

Description

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers can bypass authentication checks and interact directly with the upstream bot backend through the OpenViking proxy without providing valid credentials.

← Browse all CVEs View on cve.org ↗