CVE-2026-6290CRITICAL 9.1EPSS p12.8%

CVE-2026-6290CVE-2026-6290

Description

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries on other orgs which they may not have access to. The user's permissions in the other org are the same as the permissions they have in the org containing the notebook.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS0.22% probability of exploitation · percentile 12.8% · 2026-06-19T12:03:05Z
Published2026-04-15
Last modified2026-04-23

Underlying weaknesses· 1

CWE-863

References

  1. https://docs.velociraptor.app/announcements/advisories/cve-2026-6290/

1

TypeTargetConfidenceTier
WeaknessIncorrect Authorizationcwe-8630%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-7573
CVE
CVE-2026-4881
CVE
CVE-2026-8795
CVE
CVE-2026-28370
CVE
CVE-2026-43569
CVE
CVE-2026-21721
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.