Velociraptor

This hub aggregates every CVE we track for Velociraptor, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Velociraptor.

• CVE-2026-8795A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is in...7.8Jun 9, 2026
• CVE-2026-6863HTTP Filestore Endpoints Misapply Permissions Across Organizations6.8May 6, 2026
• CVE-2026-7572Velociraptor EVTX Parser — Process Crash via Crafted .evtx File4.4May 6, 2026
• CVE-2026-7573GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations5.0May 6, 2026
• CVE-2026-6948Unbounded Memory Allocation in VQLResponse Result-Set Writer4.9May 3, 2026
• CVE-2026-6290Velociraptor Query() Plugin Misapplies Permissions To Orgs8.0Apr 15, 2026
• CVE-2026-5329Rapid7 Velociraptor Improper Input Validation in Client Message Handler8.5Apr 9, 2026
• CVE-2025-14728Rapid7 Velociraptor Directory Traversal Vulnerability6.8Dec 29, 2025
• CVE-2025-6264Velociraptor priviledge escalation via UpdateConfig artifact5.5Jun 20, 2025
• CVE-2025-0914Velociraptor Shell Plugin Prevent_execve Bypass3.8Feb 27, 2025
• CVE-2023-5950Rapid7 Velociraptor Reflected XSS 8.6Nov 6, 2023
• CVE-2023-2226Velociraptor crashes while parsing some malformed PE or OLE files.3.3Apr 21, 2023
• CVE-2023-0290Rapid7 Velociraptor directory traversal in client ID parameter 4.3Jan 18, 2023
• CVE-2023-0242Insufficient permission check in the VQL copy() function8.8Jan 18, 2023
• CVE-2022-35632XSS in User Interface4.8Jul 29, 2022