YAML Injection Vulnerability in Rapid7 Velociraptor
CVE-2026-8795

7.8HIGH

Key Information:

Vendor

Rapid7

Vendor
CVE Published:
9 June 2026

What is CVE-2026-8795?

A YAML injection vulnerability in Rapid7 Velociraptor allows attackers to manipulate the hostname field within client_info.json. By providing a specially crafted ZIP collection, the attacker can inject malicious entries into a YAML template. This can lead to arbitrary code execution on an analyst's machine when the resultant remapping file is applied using the --remap option, allowing the execution of VQL commands without restrictions.

Affected Version(s)

Velociraptor Linux 0 < 0.76.6

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Artificial Intelligence
.