PT-2026-37643 · Unknown · Velociraptor
Faisal Alhumaid · Published 2026-05-06 · Updated 2026-05-20 · CVE-2026-6863
CVSS v3.1: 6.8 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Velociraptor versions prior to 0.76.4
Description
A cross-organization authorization bypass exists in the HTTP API. A user assigned the reader role in the root organization, which carries only the READ RESULTS permission, can issue an authenticated HTTP GET request to read files from other organizations, regardless of whether the user has explicit permissions in the target organization.
Recommendations
Update to version 0.76.4 or later.
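The following model illustrates the class of defect the advisory describes and the shape of a regression test for it. It is an added example, not Velociraptor's code: the names `Principal`, `ROOT_ORG`, `authorize_file_read_weak`, `authorize_file_read_per_org`, `serve_file` and the sample file store are hypothetical. The weak check resolves the caller's permissions in the root organization only, so a root-organization reader passes for every organization; the per-organization check resolves permissions in the organization whose files are being requested.

```python
"""Per-organization authorization check for a file-read endpoint (model).

Added illustration, not Velociraptor's code: every name here is hypothetical.
"""
from dataclasses import dataclass, field

ROOT_ORG = "root"              # assumed name of the root organization
READ_RESULTS = "READ_RESULTS"  # permission named in the advisory


@dataclass
class Principal:
    """A user with a per-organization permission map (org -> permissions)."""
    name: str
    org_permissions: dict[str, set[str]] = field(default_factory=dict)

    def permissions_in(self, org: str) -> set[str]:
        return self.org_permissions.get(org, set())


def authorize_file_read_weak(user: Principal, target_org: str) -> bool:
    """Weak check: consults only the caller's root-org permissions.

    The target organization is ignored, so a root-org reader is allowed to
    read files in any organization. This models the advisory's defect.
    """
    return READ_RESULTS in user.permissions_in(ROOT_ORG)


def authorize_file_read_per_org(user: Principal, target_org: str) -> bool:
    """Hardened check: permissions are resolved in the target organization."""
    return READ_RESULTS in user.permissions_in(target_org)


# Constructed sample file store: organization -> path -> contents.
FILE_STORE = {
    "root": {"/results/a.json": b'{"org": "root"}'},
    "org-b": {"/results/b.json": b'{"org": "org-b"}'},
}


def serve_file(user: Principal, target_org: str, path: str, authorize) -> bytes:
    """Stand-in for the GET handler: refuses unless the supplied check passes."""
    if not authorize(user, target_org):
        raise PermissionError(f"{user.name} may not read files in {target_org}")
    return FILE_STORE[target_org][path]


def can_read(user: Principal, target_org: str, path: str, authorize) -> bool:
    """True if the handler served the file, False if it was refused."""
    try:
        serve_file(user, target_org, path, authorize)
        return True
    except PermissionError:
        return False


def demo() -> dict[str, bool]:
    """Run the regression cases a fix for this defect should cover."""
    root_reader = Principal("reader", {ROOT_ORG: {READ_RESULTS}})   # reader in root only
    b_reader = Principal("b-reader", {"org-b": {READ_RESULTS}})     # reader in org-b only
    target = "/results/b.json"
    return {
        # The defect: a root-org reader reads another organization's file.
        "weak_cross_org": can_read(root_reader, "org-b", target, authorize_file_read_weak),
        # Fixed behaviour: the same request is refused.
        "per_org_cross_org": can_read(root_reader, "org-b", target, authorize_file_read_per_org),
        # Legitimate access in the user's own organization still works.
        "per_org_own_org": can_read(b_reader, "org-b", target, authorize_file_read_per_org),
        "per_org_root": can_read(root_reader, ROOT_ORG, "/results/a.json", authorize_file_read_per_org),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The point of the model is that the authorization decision must take the target organization as an input and look up the caller's grants there; a check that answers from root-organization membership alone cannot distinguish organizations at all. The `demo()` cases are the ones worth keeping as a regression test after applying the fix.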
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Velociraptor