Medium severity5.0NVD Advisory· Published May 6, 2026· Updated Jun 1, 2026
CVE-2026-7573
CVE-2026-7573
Description
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org parameters via a network request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
www.velocidex.com/golang/velociraptorGo | < 0.76.5 | 0.76.5 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.