4 matches found
CVE-2026-6290
creationtimestamp| type| source
---|---|---
2026-04-24 00:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mk7a7u6q7g25...
Rapid7 Velociraptor < 0.75.8 / 0.76.x < 0.76.3 Incorrect Authorization (CVE-2026-6290)
The version of Rapid7 Velociraptor installed on the remote host is prior to 0.75.8 or 0.76.x prior to 0.76.3. It is, therefore, affected by an incorrect authorization vulnerability:

- Velociraptor contains a vulnerability in the query plugin which allows access to all orgs with the user's current...
Incorrect Authorization
Overview

Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...
CVE-2026-6290
Velociraptor CVE-2026-6290 affects versions prior to 0.76.3, due to an incorrect authorization flaw in the query() plugin that lets a GUI user with access in one org execute VQL against other orgs using their current ACL token. The underlying issue is that the plugin’s authorization does not prop...