


Perceptive Security
SOC/SIEM Consultancy

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to wri…
Published:
2 March 2026 at 23:00:00
Alert date:
3 March 2026 at 22:05:24
Source:
nvd.nist.gov
Web Technologies
OpenViking versions 0.2.1 and prior contain a path traversal vulnerability (CVE-2026-28518) in the .ovpack import handling functionality. The vulnerability allows attackers to write files outside the intended import directory by crafting malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names. This enables attackers to overwrite or create arbitrary files with the privileges of the importing process. The issue has been fixed in commit 46b3e76.
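The three member-name patterns named above (traversal sequences, absolute paths, drive prefixes) can be rejected before anything is written to disk. The following is an added example, not OpenViking's code and not the fix in commit 46b3e76; the names `check_member_name`, `safe_import`, `build_archive` and `UnsafeMemberError` are hypothetical, and the sample archives are constructed.

```python
import io
import os
import zipfile
from pathlib import PureWindowsPath

class UnsafeMemberError(ValueError):
    """An archive member would be written outside the import directory."""

def check_member_name(name: str) -> str:
    """Return a cleaned relative path for a ZIP member, or raise."""
    # Treat "\" as a separator so Windows-style names are caught on any OS.
    normalized = name.replace("\\", "/")
    if normalized.startswith("/"):
        raise UnsafeMemberError(f"absolute path: {name!r}")
    if PureWindowsPath(name).drive:
        raise UnsafeMemberError(f"drive prefix: {name!r}")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafeMemberError(f"empty or traversal name: {name!r}")
    return "/".join(parts)

def safe_import(archive_bytes: bytes, dest_dir: str) -> list:
    """Validate every member first; write nothing if any member is unsafe."""
    root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        plan = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            rel = check_member_name(info.filename)
            target = os.path.realpath(os.path.join(root, *rel.split("/")))
            # Second check on the resolved path (covers symlinked directories).
            if os.path.commonpath([root, target]) != root:
                raise UnsafeMemberError(f"escapes root: {info.filename!r}")
            plan.append((info, rel, target))
        for info, rel, target in plan:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
        return [rel for _, rel, _ in plan]

def build_archive(names) -> bytes:
    """Constructed sample input: a ZIP whose members carry the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()
```

Validating the whole archive before the first write means a single bad member aborts the import without leaving a partially extracted tree behind.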
Technical details
Affected products:
OpenViking
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-28518
https://github.com/volcengine/OpenViking/commit/46b3e76e28b9b3eee73693720c9ec48820228b72
https://github.com/volcengine/OpenViking/issues/342
https://www.vulncheck.com/advisories/openviking-ovpack-import-zip-slip-path-traversal
This article was created with the assistance of AI technology by Perceptive.
