Skip to main content

Rapid7 Velociraptor CVE-2026-8795

| EUVDEUVD-2026-35289 HIGH
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-06-09 cve@rapid7.com GHSA-6jwp-vhch-qjpr
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 03:01 EUVD
Analysis Generated
Jun 09, 2026 - 01:33 vuln.today
CVE Published
Jun 09, 2026 - 01:16 nvd
HIGH 7.8

DescriptionCVE.org

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted collection ZIP can leverage literal double quotes and newlines in the hostname to break out of the YAML quoted string and inject a new mount remapping entry. When an analyst applies the generated remapping file with --remap, arbitrary VQL executes on their machine with NullACLManager (all permissions granted, unsandboxed).

AnalysisAI

Arbitrary VQL execution in Rapid7 Velociraptor before 0.76.6 allows attackers to compromise analyst workstations by supplying a malicious collection ZIP whose client_info.json hostname field breaks out of a YAML template generated by the Windows.Collectors.Remapping artifact. Triggered when an analyst loads the resulting remapping file with --remap, the injected VQL runs under NullACLManager with full permissions and no sandbox. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Technical ContextAI

Velociraptor is an open-source DFIR endpoint-monitoring and collection platform whose 'remapping' feature lets analysts load offline collections by translating client paths via a YAML configuration. The Windows.Collectors.Remapping artifact constructs that YAML using Go's text/template package, which performs textual substitution without context-aware escaping for YAML quoted strings. The hostname value, taken from attacker-controllable client_info.json inside a collection ZIP, is interpolated directly between double quotes, so embedded literal quote and newline characters terminate the string and let new YAML keys be appended. This is a classic CWE-74 injection (improper neutralization of special elements) where the underlying flaw is using a generic text templating engine to emit a structured data format, then executing the resulting structure as code (VQL) inside an unrestricted NullACLManager context.

RemediationAI

Vendor-released patch: upgrade Rapid7 Velociraptor to 0.76.6 or later, per the advisory at https://docs.velociraptor.app/announcements/advisories/cve-2026-8795/. Until the upgrade is applied, do not invoke --remap on collection ZIPs originating from untrusted endpoints or external parties, and treat client_info.json hostname fields as untrusted by inspecting the generated remapping YAML manually before loading it; analysts who must process suspicious collections should do so inside a disposable VM or container so that any arbitrary VQL executes in an isolated environment rather than against the responder workstation, accepting the trade-off of slower triage workflows.

Share

CVE-2026-8795 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy