VYPR

Velociraptor

by Rapid7

Source repositories

CVEs (17)

  • CVE-2024-10526HigNov 7, 2024
    risk 0.56cvss epss 0.00

    Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control…

  • CVE-2026-6290HigApr 15, 2026
    risk 0.52cvss 8.0epss 0.00

    Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries…

  • CVE-2026-5329HigApr 9, 2026
    risk 0.48cvss 8.5epss 0.00

    Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a…

  • CVE-2026-8795HigJun 9, 2026
    risk 0.44cvss 7.8epss 0.00

    A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker…

  • CVE-2026-7573MedMay 6, 2026
    risk 0.33cvss 5.0epss 0.00

    An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying…

  • CVE-2026-7572MedMay 6, 2026
    risk 0.29cvss 4.4epss 0.00

    An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx…

  • CVE-2025-14728Dec 29, 2025
    risk 0.00cvss epss 0.00

    Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue…

  • CVE-2025-6264Jun 20, 2025
    risk 0.00cvss epss 0.01

    Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions.  To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions…

  • CVE-2023-5950Nov 6, 2023
    risk 0.00cvss epss 0.00

    Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This…

  • CVE-2023-2226Apr 21, 2023
    risk 0.00cvss epss 0.00

    Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files.  For this attack to succeed, the attacker needs to be able to introduce malicious…

  • CVE-2023-0290Jan 18, 2023
    risk 0.00cvss epss 0.01

    Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the…

  • CVE-2023-0242Jan 18, 2023
    risk 0.00cvss epss 0.01

    Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files…

  • CVE-2022-35632Jul 29, 2022
    risk 0.00cvss epss 0.00

    The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.

  • CVE-2022-35631Jul 29, 2022
    risk 0.00cvss epss 0.00

    On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.

  • CVE-2022-35630Jul 29, 2022
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2.

  • CVE-2022-35629Jul 29, 2022
    risk 0.00cvss epss 0.00

    Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.

  • CVE-2021-3619Aug 17, 2021
    risk 0.00cvss epss 0.01

    Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that…