CVE-2026-5329
Improper Input Validation in Velociraptor Server Enables RCE
Publication date: 2026-04-09
Last updated on: 2026-04-28
Assigner: Rapid7, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rapid7 | velociraptor | Up to 0.75.6 (inc) |
| rapid7 | velociraptor | From 0.76 (inc) to 0.76.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated remote attacker to write arbitrary messages to privileged internal server queues, potentially leading to remote code execution on the Velociraptor server.
Such unauthorized access and potential remote code execution could compromise the confidentiality, integrity, and availability of data handled by the Velociraptor server.
This could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system operations.
Can you explain this vulnerability to me?
CVE-2026-5329 is a critical vulnerability in Rapid7 Velociraptor server versions prior to 0.76.2, mainly affecting Linux systems. It stems from improper input validation in the client monitoring message handler, where the server does not sufficiently validate the queue name supplied by authenticated clients.
This flaw allows a rogue authenticated client to craft monitoring messages with malicious queue names and write arbitrary messages to privileged internal server queues.
Exploitation of this vulnerability can lead to remote code execution on the Velociraptor server, potentially allowing an attacker to take control of the server.
How can this vulnerability impact me?
The impact is severe: an authenticated remote attacker can execute arbitrary code on the Velociraptor server.
Such remote code execution can lead to unauthorized control over the server, potentially compromising sensitive data, disrupting services, or enabling further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation for this vulnerability is to upgrade the Velociraptor server to a fixed version.
- Upgrade to Velociraptor version 0.76.2 or later if you are using the 0.76 release series.
- Upgrade to Velociraptor version 0.75.7 or later if you are using the 0.75 release series.
Configuration changes cannot mitigate this issue, so applying the upgrade is critical to prevent exploitation.
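
The upgrade guidance above can be turned into a version triage over a server inventory. This is an added example, not Rapid7 or Velociraptor code; the host names and the inventory format are constructed. Because the text on this page names 0.76.2 as the fixed 0.76 release while the affected-products table ends the range at 0.76.3 (exclusive), 0.76.2 is reported as "verify" rather than guessed.

```python
import re

# Bounds copied from this page.
FIXED_075 = (0, 75, 7)        # first fixed release in the 0.75 series
FIXED_076_TEXT = (0, 76, 2)   # fixed 0.76 release according to the Q&A text
FIXED_076_TABLE = (0, 76, 3)  # exclusive upper bound in the products table


def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v0.76.1' or '0.76'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(version_text):
    """Map a server version to 'affected', 'verify' or 'fixed'."""
    v = parse_version(version_text)
    if v < (0, 76, 0):
        # 0.75 series and older: everything up to 0.75.6 is affected.
        return "affected" if v < FIXED_075 else "fixed"
    if v < FIXED_076_TEXT:
        return "affected"
    if v < FIXED_076_TABLE:
        # The page's two sources disagree here; confirm against the advisory.
        return "verify"
    return "fixed"


def triage(inventory):
    """Group (host, version) pairs by status so upgrades can be prioritised."""
    result = {"affected": [], "verify": [], "fixed": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts, not from the page).
SAMPLE_INVENTORY = [
    ("vr-prod-01", "0.75.6"),
    ("vr-prod-02", "v0.75.7"),
    ("vr-lab-01", "0.76"),
    ("vr-lab-02", "0.76.2"),
    ("vr-dr-01", "0.76.3"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```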