Primary

Context

Velociraptor Resource Exhaustion Vulnerability Allowing Server Crash via Out-of-Memory Conditions

Vulnerability

Patched

A resource exhaustion vulnerability has been identified in Velociraptor versions prior to 0.76.4. This vulnerability resides in the server's agent control channel, where a compromised or rogue Velociraptor client can send crafted messages through the normal client communication channel. These messages can overwhelm the server, leading to a crash by causing out-of-memory conditions.

Impact

Exploitation of this vulnerability can cause the Velociraptor server to crash, leading to a denial-of-service condition.

Remediation

Users can upgrade to Velociraptor version 0.76.4 or 0.75.9, depending on their current version. Instructions for upgrading a Velociraptor server are available in the Velociraptor documentation.

Added: May 4, 2026, 12:19 AM

Updated: May 4, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Velociraptor Resource Exhaustion Vulnerability Allowing Server Crash via Out-of-Memory Conditions

Vulnerability

Impact

Remediation

Affected Products

Rapid7 Velociraptor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating