Rapid7 Velociraptor Improper Input Validation in Client Message Handler

Description

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. The server handler that receives client monitoring messages does not sufficiently validate the queue name supplied by the client, allowing a rogue client to write arbitrary messages to privileged internal queues. This may lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected by this vulnerability.

Affected Products

Vendor	Product	Versions
rapid7	velociraptor	0, 0, 0

References

https://docs.velociraptor.app/announcements/advisories/cve-2026-5329/

Related News (1 articles)

Tier C

VulDB16h ago

CVE-2026-5329 | Rapid7 Velociraptor up to 0.74.6/0.75.6/0.76.1 Client Monitoring Message handler input validation

→ No new info (linked only)

CVSS 3.18.5 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-20

PublishedApr 9, 2026

Last enriched15h agov2

Trending Score48

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 15h ago

v2Tier C15h ago

Updated affected versions to include 0.74.6, 0.75.6, and 0.76.1, changed severity to CRITICAL, and marked as actively exploited.

affectedVersionsseverityactivelyExploited

via VulDB

v117h ago

Initial creation

Rapid7 Velociraptor Improper Input Validation in Client Message Handler

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History