Known Vulnerabilities for Velociraptor by Velocidex
Listed below are 5 of the newest known vulnerabilities associated with "Velociraptor" by "Velocidex".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-7573 json | An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows... | Not Provided | 2026-05-06 | 2026-05-06 |
| CVE-2026-7572 json | An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before ver... | Not Provided | 2026-05-06 | 2026-05-06 |
| CVE-2026-6948 json | Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. T... | Not Provided | 2026-05-04 | 2026-05-04 |
| CVE-2026-6290 json | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the ... | Not Provided | 2026-04-15 | 2026-04-16 |
| CVE-2026-5329 json | Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring mes... | Not Provided | 2026-04-09 | 2026-04-16 |