CVE-2026-40525
Published: 17 April 2026
Summary
CVE-2026-40525 is a critical-severity Failing Open (CWE-636) vulnerability in Volcengine Openviking. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access to privileged bot-control functionality, directly preventing the authentication bypass vulnerability in OpenAPI routes.
Mandates secure configuration settings like a valid api_key to ensure authentication checks do not fail open when unset or empty.
Requires timely flaw remediation through patching to OpenViking version 0.3.9, which fixes the authentication bypass via commit c7bb1676f4d037609f041bf39e4e2bd52e8f9820.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass in a public-facing OpenAPI HTTP service, directly enabling remote exploitation of a public-facing application without authentication.
NVD Description
OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed…
more
service can invoke privileged bot-control functionality without providing a valid X-API-Key header, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot.
Deeper analysisAI
CVE-2026-40525 is an authentication bypass vulnerability (CWE-636) in OpenViking versions prior to 0.3.9. The flaw exists in the VikingBot OpenAPI HTTP route surface, where the authentication check fails in an open state when the api_key configuration value is unset or empty. This allows unauthorized access to privileged functionality without a valid X-API-Key header.
Remote attackers with network access to an exposed OpenViking instance can exploit the vulnerability with low complexity and no privileges required. Successful exploitation enables invocation of bot-control features, such as submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data available to the bot. The issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts.
Mitigation involves upgrading to OpenViking version 0.3.9 or later, which incorporates the fix via GitHub commit c7bb1676f4d037609f041bf39e4e2bd52e8f9820 and pull request #1447. Additional guidance is provided in the VulnCheck advisory at https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi.
Details
- CWE(s)