PT-2026-33112 · Unknown · Velociraptor

Faisal Alhumaid · Published 2026-04-15 · Updated 2026-04-16 · CVE-2026-6290

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Velociraptor versions prior to 0.76.3

Description

A flaw in the query() plugin allows an authenticated GUI user to access all organizations using their current ACL token. By utilizing the query() plugin within a notebook cell, a user with access to one organization can execute VQL queries on other organizations they are not authorized to access. In such cases, the user maintains the same permissions in the target organization as they have in the organization where the notebook is located.

Recommendations

Update to version 0.76.3 or later.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-6290
GHSA-HV5G-26JG-PC45

Affected Products

Velociraptor