CVE-2026-5329

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. The server handler that receives client monitoring messages does not sufficiently validate the queue name supplied by the client, allowing a rogue client to write arbitrary messages to privileged internal queues. This may lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected by this vulnerability.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://docs.velociraptor.app/announcements/advisories/cve-2026-5329/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rapid7:velociraptor::::::::
	cpe:2.3:a:rapid7:velociraptor::::::::

History

28 Apr 2026, 00:09

Type	Values Removed	Values Added
References	~~() https://docs.velociraptor.app/announcements/advisories/cve-2026-5329/ -~~	() https://docs.velociraptor.app/announcements/advisories/cve-2026-5329/ - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:rapid7:velociraptor::::::::
First Time		Rapid7 velociraptor Rapid7

09 Apr 2026, 18:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-09 18:17

Updated : 2026-04-28 00:09

NVD link : CVE-2026-5329

Mitre link : CVE-2026-5329

CVE.ORG link : CVE-2026-5329

JSON object : View

Products Affected

rapid7

velociraptor

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2026-5329", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-04-09T18:17:04.253", "references": [{"url": "https://docs.velociraptor.app/announcements/advisories/cve-2026-5329/", "tags": ["Vendor Advisory"], "source": "cve@rapid7.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 Velociraptor versions prior to 0.76.2\u00a0contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring message with a malicious queue name. The server handler that receives client monitoring messages\u00a0does not sufficiently validate the queue name supplied by the client, allowing a rogue client to write arbitrary messages to privileged internal queues. This may lead to remote code execution on the Velociraptor server. Rapid7 Hosted Velociraptor instances are not affected by this vulnerability."}], "lastModified": "2026-04-28T00:09:51.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAC49A9C-FD09-45D6-9493-5DA3AFF9E3AD", "versionEndIncluding": "0.75.6"}, {"criteria": "cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A554F9-5926-43C1-B906-BDB41CB36CB3", "versionEndExcluding": "0.76.3", "versionStartIncluding": "0.76"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}