CVE-2026-7573
Published: 2026-05-06
Priority: P350 · Severity: high · CVSS 3.1 base score: 7.7
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.26% (16.7th percentile)
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org parameters via a network request.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rapid7 | velociraptor | < 0.76.5 | 0.76.5 |
| velocidex | velociraptor | < 0.76.5 | 0.76.5 |
| www.velocidex.com | golang_velociraptor | >= 0 < 0.76.5 | 0.76.5 |
GHSA references
GHSA-3c93-g9g6-p5j4 (ghsa_unreviewed, 2026-05-06): CVE-2026-7573 [MEDIUM] CWE-639, same description as above.
GHSA-3c93-g9g6-p5j4 (ghsa, 2026-05-06): CVE-2026-7573 [MEDIUM] CWE-639, "Velocidex Velociraptor has an authorization bypass vulnerability", same description as above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.