Detections
Analytics

CVE-2026-13507

low

Description

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The pull request to fix this issue awaits acceptance.

References

https://vuldb.com/vuln/374515/cti

https://vuldb.com/vuln/374515

https://vuldb.com/submit/838791

https://vuldb.com/cve/CVE-2026-13507

https://github.com/volcengine/OpenViking/pull/2268

https://github.com/volcengine/OpenViking/issues/2263

https://github.com/volcengine/OpenViking/

Details

Source: Mitre, NVD

Published: 2026-06-28

Updated: 2026-06-29

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00138