Vulnerability in volvengine OpenViking Affects Local VectorDB Primary-key Label Handler
CVE-2026-13507

2.3LOW

Key Information:

Vendor

Volcengine

Status
Openviking
Vendor
CVE Published:
28 June 2026

What is CVE-2026-13507?

A vulnerability exists in Volcengine's OpenViking that affects the Local VectorDB Primary-key Label Handler. The issue arises in the str_to_uint64 function, where insufficient verification of the argument ID allows for potential data authenticity manipulation. This vulnerability may allow attackers to execute complex remote attacks targeting the integrity of the data managed by the VectorDB. The complexity of the exploit makes it challenging to carry out, and acknowledgment of a fix is pending acceptance. Developers and users are encouraged to monitor updates and apply patches once available.

Affected Version(s)

OpenViking 0.3.0

OpenViking 0.3.1

OpenViking 0.3.2

References

https://vuldb.com/vuln/374515
vdb-entrytechnical-description
https://vuldb.com/vuln/374515/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-13507
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem000000 (VulDB User)
VulDB CNA Team
.