Cross Organization Authorization Bypass in Velociraptor by Velociraptor
CVE-2026-6863

6.8 MEDIUM

Key Information:

Vendor:
Rapid7

CVE Published:
6 May 2026

What is CVE-2026-6863?

Velociraptor before version 0.76.4 allows a user who holds the reader role in the root organization to read files belonging to other organizations by issuing an authenticated HTTP GET request, even though that user has no explicit permissions in those organizations. The result is leakage of sensitive information between organizations. The bypass does not work in reverse: a user with read access to a sub-organization cannot access the root organization or any other organization.

Affected Version(s)

Velociraptor (Linux): versions from 0 up to, but not including, 0.76.4; and version 0.75.9

References

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

We thank Faisal Alhumaid (Faisal.alhumaid@hotmail.com) for reporting this issue responsibly.