CVE-2026-13507

EUVD-2026-40004

28.06.2026, 22:16

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The pull request to fix this issue awaits acceptance.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulDB	CNA	5 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
volcengine	openviking	0.3.0	CNA
volcengine	openviking	0.3.1	CNA
volcengine	openviking	0.3.2	CNA
volcengine	openviking	0.3.3	CNA
volcengine	openviking	0.3.4	CNA
volcengine	openviking	0.3.5	CNA
volcengine	openviking	0.3.6	CNA
volcengine	openviking	0.3.7	CNA
volcengine	openviking	0.3.8	CNA
volcengine	openviking	0.3.9	CNA
volcengine	openviking	0.3.10	CNA
volcengine	openviking	0.3.11	CNA
volcengine	openviking	0.3.12	CNA
volcengine	openviking	0.3.13	CNA
volcengine	openviking	0.3.14	CNA
volcengine	openviking	0.3.15	CNA
volcengine	openviking	0.3.16	CNA
volcengine	openviking	0.3.17	CNA
volcengine	openviking	0.3.18	CNA
volcengine	openviking	0.3.19	CNA
volcengine	openviking	0.3.20	CNA
volcengine	openviking	0.3.21	CNA

Common Weakness Enumeration

CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

https://github.com/volcengine/OpenViking/

https://github.com/volcengine/OpenViking/issues/2263

https://github.com/volcengine/OpenViking/pull/2268

https://vuldb.com/cve/CVE-2026-13507

https://vuldb.com/submit/838791

https://vuldb.com/vuln/374515

https://vuldb.com/vuln/374515/cti