CVE-2026-7572
published 2026-05-06

Priority: P4, 17
Severity: medium, 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.14% (3.9th percentile)
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.

Affected

3 ranges
Vendor               Product                Version range      Fixed in
rapid7               velociraptor           < 0.76.5           0.76.5
velocidex            velociraptor           < 0.76.5           0.76.5
www.velocidex.com    golang_velociraptor    >= 0 < 0.76.5      0.76.5