CVE-2026-34999
Published
CVSS v3
5.3
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers can bypass authentication checks and interact directly with the upstream bot backend through the OpenViking proxy without providing valid credentials.
OpenViking is an open-source context database designed specifically for AI Agents(such as openclaw). OpenViking unifies the management of context (memory, resources, and skills) that Agents need through a file system paradigm, enabling hierarchical context delivery and self-evolving.
GitHub