| Field | Value |
|---|---|
| Title | ByteDance / Volcengine OpenViking Commit 55a0c0ea15d55dca231fc3a1654474032478bcd8 (2026-03-25); affected released versions unknown |
| CWE | CWE-345 Insufficient Verification of Data Authenticity |
Description

A vulnerability was found in OpenViking at commit 55a0c0ea15d55dca231fc3a1654474032478bcd8 and classified as medium severity.

Affected components include the local VectorDB record identity path and the account key derivation logic. In the local VectorDB path, primary-key labels are derived from the bare record id by hashing only the id string. Tenant and semantic context fields such as account_id, context_type, owner_space, and uri are not part of the local label. If two records with different security semantics reach the shared local collection under the same bare id, they map to the same internal label. This can cause record overwrite, retrieval confusion, or corruption of RAG context metadata.

The account key derivation logic derives an account key from root_key and account_id. The derivation exposes neither a key purpose nor a derivation version parameter, so callers cannot cryptographically separate keys for different logical uses unless they implement purpose separation outside the provider API.

Technical Details

- Affected file/function: openviking/storage/vectordb/utils/str_to_uint64.py:str_to_uint64
- Affected file/function: openviking/storage/vectordb/collection/local_collection.py upsert/fetch/delete label conversion
- Affected file/function: openviking/storage/viking_vector_index_backend.py:_SingleAccountBackend.upsert
- Affected file/function: openviking/crypto/providers.py:RootKeyProvider._hkdf_derive / LocalFileProvider.derive_account_key
- Vulnerable parameter: record id and account_id-derived key context
- Attack vector: Network or local, depending on whether an application exposes resource/vector insertion or storage API access to untrusted users
- Privileges required: Low
- User interaction required: No
- Trigger condition: Two records or key derivation requests share the visible key material (record id or account_id) while differing in tenant, uri, context type, owner space, purpose, or derivation version

Impact

- Confidentiality: Low
- Integrity: High
- Availability: Low

CVSS v3.1

- Score: 6.5 (Medium)
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Timeline

- Discovered: 2026-05-27
- Vendor notified: [unknown]
- Patch released: [unknown]
- Public disclosure: [unknown]

Countermeasure

Bind generated storage keys and cryptographic derivations to the full security context. For VectorDB labels, include account_id and the relevant semantic fields in the identity, or enforce immutable id-to-context mappings. For HKDF, include an explicit key_purpose and derivation_version in the HKDF info value and reject cross-purpose key reuse.
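The following is an added illustration of the countermeasure, not OpenViking's own code: `label_from_bare_id` reproduces only the collision property the report describes (a 64-bit label derived from the bare id), `label_from_context` binds the label to account_id, context_type, owner_space and uri with length-prefixed encoding so field boundaries cannot be confused, and `derive_account_key` carries key_purpose and derivation_version in the HKDF info value and refuses unknown purposes. The purpose names, the salt constant and the sample tenants are constructed for the example.

```python
import hashlib
import hmac
from typing import Iterable

# --- Local VectorDB label derivation ---------------------------------------
# Constructed stand-in for the weak pattern: the label depends on the bare
# record id only, so two tenants' records with the same id collide.
def label_from_bare_id(record_id: str) -> int:
    digest = hashlib.sha256(record_id.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")  # 64-bit label space (assumption)


def _canonical(fields: Iterable[str]) -> bytes:
    """Length-prefix every field so ('a', 'b|c') and ('a|b', 'c') differ."""
    out = bytearray()
    for field in fields:
        data = field.encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return bytes(out)


def label_from_context(account_id: str, context_type: str, owner_space: str,
                       uri: str, record_id: str) -> int:
    """Hardened label: tenant and semantic context are part of the identity."""
    material = _canonical((account_id, context_type, owner_space, uri, record_id))
    return int.from_bytes(hashlib.sha256(material).digest()[:8], "big")


# --- HKDF with explicit key purpose and derivation version -----------------
def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) over HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Hypothetical purpose names for the example; a real deployment keeps its own list.
ALLOWED_PURPOSES = frozenset({"record-encryption", "index-mac"})
_SALT = b"example-account-key-salt"  # constructed constant


def derive_account_key(root_key: bytes, account_id: str, key_purpose: str,
                       derivation_version: int = 1) -> bytes:
    """Account key bound to purpose and version through the HKDF info field."""
    if key_purpose not in ALLOWED_PURPOSES:
        raise ValueError(f"unknown key purpose: {key_purpose!r}")
    info = _canonical((f"v{derivation_version}", key_purpose, account_id))
    return hkdf_sha256(root_key, _SALT, info)


def demo() -> dict:
    """Two constructed tenants sharing the bare id 'rec-42'."""
    tenant_a = ("tenant-A", "memory", "space-1", "viking://a/doc", "rec-42")
    tenant_b = ("tenant-B", "skill", "space-9", "viking://b/doc", "rec-42")
    root_key = bytes(range(32))  # constructed root key, not a real secret
    return {
        "bare_collides": label_from_bare_id(tenant_a[-1]) == label_from_bare_id(tenant_b[-1]),
        "bound_collides": label_from_context(*tenant_a) == label_from_context(*tenant_b),
        "purpose_separated": derive_account_key(root_key, "tenant-A", "record-encryption")
        != derive_account_key(root_key, "tenant-A", "index-mac"),
        "version_separated": derive_account_key(root_key, "tenant-A", "record-encryption", 1)
        != derive_account_key(root_key, "tenant-A", "record-encryption", 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the block shows the bare-id labels colliding while the context-bound labels, purposes and versions all stay distinct; the length-prefixed encoding in `_canonical` is what prevents a crafted field value from reproducing another record's identity.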
| Field | Value |
|---|---|
| Source | https://github.com/volcengine/OpenViking/issues/2263 |
| User | Dem000000 (UID 98564) |
| Submission | 05/27/2026 13:37 (1 month ago) |
| Moderation | 06/28/2026 08:18 (1 month later) |
| Status | Accepted |
| VulDB entry | 374515 [volcengine OpenViking up to 0.3.21 Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 ID data authenticity] |
| Points | 20 |