Off-by-one Error in Velocidex Velociraptor Affects Windows and Linux Systems
CVE-2026-7572

4.4MEDIUM

Key Information:

Vendor: Velocidex
Status: Velociraptor
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-7572?

An off-by-one error in the ConsumeUnit16Array and ConsumeUnit64Array functions of Velocidex Velociraptor can be exploited to trigger a Denial of Service (DoS) condition. This vulnerability allows an attacker to crash the process by supplying a specially crafted .evtx file to the parse_evtx VQL plugin. The flaw is present in versions prior to 0.76.5 on both Windows and Linux platforms, emphasizing the necessity for users to upgrade to mitigate potential service disruptions.

Affected Version(s)

velociraptor Windows 0 < 0.76.5

References

https://docs.velociraptor.app/announcements/advisories/cv...

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-7572 Data

JSON