CVE-2026-5329
Description
Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. The server handler that receives client monitoring messages does not sufficiently validate the queue name supplied by the client, allowing a rogue client to write arbitrary messages to privileged internal queues. This may lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected by this vulnerability.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- docs.velociraptor.app/announcements/advisories/cve-2026-5329/nvdVendor Advisory
News mentions
5- Thus Spoke…The GentlemenCheck Point Research · May 13, 2026
- ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More StoriesThe Hacker News · Apr 30, 2026
- PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian NetworksThe Hacker News · Apr 27, 2026
- From Bulk Export to AI-ready Security Workflows: Introducing Rapid7’s Open-Source MCP Server and Agent SkillRapid7 Blog · Apr 21, 2026
- EDR killers explained: Beyond the driversESET WeLiveSecurity · Mar 19, 2026