CVE-2026-22207 - OpenViking Missing root_api_key Allows Anonymous ROOT Access

CVE ID : CVE-2026-22207 Published : Feb. 26, 2026, 9:28 p.m. | 37 minutes ago Description : OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrative functions including account management, resource operations, and system configuration. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...