Velocidex Velociraptor vulnerabilities
2 known vulnerabilities affecting velocidex/velociraptor.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-7573P3HIGHCVSS 7.7fixed in 0.76.52026-05-06
CVE-2026-7573 [HIGH] CWE-639 CVE-2026-7573: An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor be
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org parameters via a network request.
nvd
CVE-2026-7572P4MEDIUMCVSS 5.5fixed in 0.76.52026-05-06
CVE-2026-7572 [MEDIUM] CWE-193 CVE-2026-7572: An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocide
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.
nvd