YAML Injection Vulnerability in Rapid7 Velociraptor
CVE-2026-8795
7.8HIGH
What is CVE-2026-8795?
A YAML injection vulnerability in Rapid7 Velociraptor allows attackers to manipulate the hostname field within client_info.json. By providing a specially crafted ZIP collection, the attacker can inject malicious entries into a YAML template. This can lead to arbitrary code execution on an analyst's machine when the resultant remapping file is applied using the --remap option, allowing the execution of VQL commands without restrictions.
Affected Version(s)
Velociraptor Linux 0 < 0.76.6
