CVE-2026-7572

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse evtx VQL plugin.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

CVE-2026-7572

Affected Products

Velociraptor

CVE-2026-7572

Weakness Enumeration

Related Identifiers

Affected Products

References · 2