CVE-2026-13507

Sažetak

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The pull request to fix this issue awaits acceptance.

Reference

https://github.com/volcengine/OpenViking/
https://github.com/volcengine/OpenViking/issues/2263
https://github.com/volcengine/OpenViking/pull/2268
https://vuldb.com/cve/CVE-2026-13507
https://vuldb.com/submit/838791
https://vuldb.com/vuln/374515
https://vuldb.com/vuln/374515/cti

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

28-06-2026 - 22:16

Objavljeno

28-06-2026 - 22:16