PatchSiren

Volcengine CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Volcengine CVE published 2026-04-01

CVE-2026-34999

CVE-2026-34999 is a missing authentication vulnerability in OpenViking versions 0.2.5 to 0.2.13. Remote unauthenticated attackers can access protected bot proxy functionality. Fixed in version 0.2.14. This issue allows attackers to bypass authentication checks and interact directly with the upstream bot backend through the OpenViking proxy without valid credentials.