MEDIUM
Volcengine
CVE published 2026-04-01
CVE-2026-34999
CVE-2026-34999 is a missing authentication vulnerability in OpenViking versions 0.2.5 to 0.2.13. Remote unauthenticated attackers can access protected bot proxy functionality. Fixed in version 0.2.14. This issue allows attackers to bypass authentication checks and interact directly with the upstream bot backend through the OpenViking proxy without valid credentials.