CVE-2026-13507
volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity
CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The pull request to fix this issue awaits acceptance.
| CWE | CWE-345 |
| Vendor | volcengine |
| Product | openviking |
| Published | Jun 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for volcengine openviking
Be the first to know when new medium vulnerabilities affecting volcengine openviking are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
volcengine / OpenViking
0.3.0 0.3.1 0.3.2 0.3.3 0.3.4 0.3.5 0.3.6 0.3.7 0.3.8 0.3.9 0.3.10 0.3.11 0.3.12 0.3.13 0.3.14 0.3.15 0.3.16 0.3.17 0.3.18 0.3.19 0.3.20 0.3.21
References
vuldb.com: https://vuldb.com/vuln/374515 vuldb.com: https://vuldb.com/vuln/374515/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13507 vuldb.com: https://vuldb.com/submit/838791 github.com: https://github.com/volcengine/OpenViking/issues/2263 github.com: https://github.com/volcengine/OpenViking/pull/2268 github.com: https://github.com/volcengine/OpenViking/
Credits
๐ Dem000000 (VulDB User) VulDB CNA Team