cbcvebase.
CVE-2026-6863
published 2026-05-06

CVE-2026-6863: Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root…

PriorityP338medium6.8CVSS 3.1
AVNACLPRHUINSCCHINAN
EPSS
0.24%
14.4th percentile
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit permissions in the target org. However, the problem does not occur in reverse - a user with read access to a sub org is unable to read from other org or the root org.

Affected

2 ranges
VendorProductVersion rangeFixed in
rapid7velociraptor< 0.76.4, 0.75.90.76.4, 0.75.9
www.velocidex.comgolang_velociraptor>= 0 < 0.76.40.76.4
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.