Rapid7 Velociraptor Cross-Organization Authorization Bypass Vulnerability

Vulnerability

A cross-organization authorization bypass vulnerability has been identified in the Velociraptor HTTP API, affecting versions prior to 0.76.4. A user holding only the reader role in the root organization can retrieve files belonging to other organizations without having been granted any permission in those organizations. The issue is not symmetric: a user with read access to a sub-organization cannot access files from other sub-organizations or from the root organization. In other words, the root-organization reader role was being honored as a read grant for every organization, instead of for the root organization alone.
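The defect described above is an authorization check that treats a role held in the root organization as if it were held everywhere. The following Go program is an added illustration of that check pattern and its corrected form; it is not Velociraptor's code, and the `Principal`, `FileRequest`, role names and organization IDs (`root`, `O1`) are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Role names are assumed for this example; they are not Velociraptor's role model.
const RoleReader = "reader"

// RootOrgID is the assumed identifier of the root organization.
const RootOrgID = "root"

// Principal carries the roles explicitly granted to a user, per organization.
type Principal struct {
	Name     string
	OrgRoles map[string]map[string]bool // org ID -> set of role names
}

// FileRequest names the organization that owns the requested file.
type FileRequest struct {
	OrgID string
	Path  string
}

var ErrForbidden = errors.New("forbidden: no read permission in the target organization")

// hasRole reports whether p was explicitly granted role in orgID.
// Indexing a missing inner map yields false, so absent grants are handled safely.
func hasRole(p Principal, orgID, role string) bool {
	return p.OrgRoles[orgID][role]
}

// CanReadVulnerable is the flawed pattern: a reader role in the root org is
// accepted as a read grant for every organization.
func CanReadVulnerable(p Principal, orgID string) bool {
	if hasRole(p, RootOrgID, RoleReader) {
		return true
	}
	return hasRole(p, orgID, RoleReader)
}

// CanReadFixed only honors a grant made in the organization that owns the file.
// Root-org roles count for the root org alone.
func CanReadFixed(p Principal, orgID string) bool {
	return hasRole(p, orgID, RoleReader)
}

// AuthorizeFileRead is the API-layer gate; check is the policy function under test.
func AuthorizeFileRead(p Principal, req FileRequest, check func(Principal, string) bool) error {
	if !check(p, req.OrgID) {
		return ErrForbidden
	}
	return nil
}

// RootReader is a constructed principal with only the reader role in the root org.
var RootReader = Principal{
	Name:     "root-reader",
	OrgRoles: map[string]map[string]bool{RootOrgID: {RoleReader: true}},
}

// SubOrgReader is a constructed principal with only the reader role in sub-org O1.
var SubOrgReader = Principal{
	Name:     "o1-reader",
	OrgRoles: map[string]map[string]bool{"O1": {RoleReader: true}},
}

func main() {
	subFile := FileRequest{OrgID: "O1", Path: "/clients/C.1/uploads/report.txt"}
	rootFile := FileRequest{OrgID: RootOrgID, Path: "/clients/C.2/uploads/report.txt"}

	fmt.Println("vulnerable, root reader -> O1 file:", AuthorizeFileRead(RootReader, subFile, CanReadVulnerable))
	fmt.Println("fixed,      root reader -> O1 file:", AuthorizeFileRead(RootReader, subFile, CanReadFixed))
	fmt.Println("vulnerable, O1 reader -> root file:", AuthorizeFileRead(SubOrgReader, rootFile, CanReadVulnerable))
	fmt.Println("fixed,      O1 reader -> root file:", AuthorizeFileRead(SubOrgReader, rootFile, CanReadFixed))
}
```

Running it shows the asymmetry the advisory describes: with the flawed check the root-organization reader is allowed to read the sub-organization file, while the sub-organization reader is refused the root-organization file under both checks; with the corrected check, every read requires a grant in the organization that owns the file.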

Impact

Exploitation of this vulnerability allows an authenticated root-organization reader to read files belonging to other organizations, bypassing the per-organization permission controls that are supposed to isolate them.

Remediation

Users should upgrade to Velociraptor 0.76.4, or to 0.75.9 on the 0.75 release line, depending on which release they are currently running.

Added: May 6, 2026, 6:54 PM
Updated: May 6, 2026, 6:54 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.