CVE-2026-6290 Velociraptor — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.0 (HIGH)
Affected Versions	before 0.76.3
Type	CWE-863 (Incorrect Authorization)
Vendor	Velociraptor
Public PoC	No

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries on other orgs which they may not have access to. The user's permissions in the other org are the same as the permissions they have in the org containing the notebook.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-863 Incorrect Authorization

References 1

https://docs.velociraptor.app/announcements/advisories/cve-2026-6290/

cve@rapid7.com

Menu

CVE-2026-6290

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-6290

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity