CVE-2026-13507

Source
https://cve.org/CVERecord?id=CVE-2026-13507
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13507.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-13507
Published
2026-06-28T21:30:09.767Z
Modified
2026-07-15T01:48:56.409417910Z
Severity
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X CVSS Calculator
Summary
volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity
Details

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The pull request to fix this issue awaits acceptance.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13507.json",
    "cwe_ids": [
        "CWE-345"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "0.3.0"
                },
                {
                    "last_affected": "0.3.0"
                },
                {
                    "introduced": "0.3.6"
                },
                {
                    "last_affected": "0.3.6"
                },
                {
                    "introduced": "0.3.7"
                },
                {
                    "last_affected": "0.3.7"
                },
                {
                    "introduced": "0.3.11"
                },
                {
                    "last_affected": "0.3.11"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/volcengine/openviking

Affected ranges

Type
GIT
Repo
https://github.com/volcengine/openviking
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.3.1"
        },
        {
            "last_affected": "0.3.1"
        },
        {
            "introduced": "0.3.2"
        },
        {
            "last_affected": "0.3.2"
        },
        {
            "introduced": "0.3.3"
        },
        {
            "last_affected": "0.3.3"
        },
        {
            "introduced": "0.3.4"
        },
        {
            "last_affected": "0.3.4"
        },
        {
            "introduced": "0.3.5"
        },
        {
            "last_affected": "0.3.5"
        },
        {
            "introduced": "0.3.8"
        },
        {
            "last_affected": "0.3.8"
        },
        {
            "introduced": "0.3.9"
        },
        {
            "last_affected": "0.3.9"
        },
        {
            "introduced": "0.3.10"
        },
        {
            "last_affected": "0.3.10"
        },
        {
            "introduced": "0.3.12"
        },
        {
            "last_affected": "0.3.12"
        },
        {
            "introduced": "0.3.13"
        },
        {
            "last_affected": "0.3.13"
        },
        {
            "introduced": "0.3.14"
        },
        {
            "last_affected": "0.3.14"
        },
        {
            "introduced": "0.3.15"
        },
        {
            "last_affected": "0.3.15"
        },
        {
            "introduced": "0.3.16"
        },
        {
            "last_affected": "0.3.16"
        },
        {
            "introduced": "0.3.17"
        },
        {
            "last_affected": "0.3.17"
        },
        {
            "introduced": "0.3.18"
        },
        {
            "last_affected": "0.3.18"
        },
        {
            "introduced": "0.3.19"
        },
        {
            "last_affected": "0.3.19"
        },
        {
            "introduced": "0.3.20"
        },
        {
            "last_affected": "0.3.20"
        },
        {
            "introduced": "0.3.21"
        },
        {
            "last_affected": "0.3.21"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.3.1
0.3.10
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18
0.3.19
0.3.2
0.3.20
0.3.21
0.3.3
0.3.4
0.3.5
0.3.8
0.3.9
cli@0.*
cli@0.3.10
cli@0.3.14
cli@0.3.15
cli@0.3.16
cli@0.3.20
v0.*
v0.3.1
v0.3.10
v0.3.12
v0.3.13
v0.3.14
v0.3.15
v0.3.16
v0.3.17
v0.3.18
v0.3.19
v0.3.2
v0.3.20
v0.3.21
v0.3.3
v0.3.4
v0.3.5
v0.3.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13507.json"