Description
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted collection ZIP can leverage literal double quotes and newlines in the hostname to break out of the YAML quoted string and inject a new mount remapping entry. When an analyst applies the generated remapping file with --remap, arbitrary VQL executes on their machine with NullACLManager (all permissions granted, unsandboxed).
Published: 2026-06-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Rapid7 Velociraptor’s Windows.Collectors.Remapping artifact had a YAML injection flaw that allowed an attacker to insert malicious YAML content into a collection ZIP’s client_info.json hostname field. The Go text/template engine rendered the hostname without escaping, so the attacker could break out of a quoted string and inject a new mount remapping entry. When an analyst applies the malicious remapping file with the --remap option, the embedded VQL code is executed under the NullACLManager, granting the attacker unrestricted control over the analyst’s machine.

Affected Systems

This issue affects Rapid7 Velociraptor deployments running before version 0.76.6 on Windows systems that use the Remapping artifact for mount configuration. Only the Windows.Collectors.Remapping component is vulnerable; sysadmins must verify their cluster membership configuration and the version of Velociraptor in use.

Risk and Exploitability

The vulnerability has a CVSS score of 7.8, indicating high severity, but its EPSS score is not available, so current exploitation probability is unclear. It is not yet listed in the CISA KEV catalog, suggesting no confirmed public exploitation. The likely attack vector requires an attacker to supply a malicious collection ZIP to a user who will run the remap command, meaning the threat is primarily to a trusted analyst’s environment, yet the impact would be equivalent to local privilege escalation on that host.

Generated by OpenCVE AI on June 9, 2026 at 02:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Rapid7 Velociraptor to version 0.76.6 or newer to eliminate the YAML injection flaw.
  • If an upgrade is not immediately possible, disable or restrict the use of the --remap command for untrusted or externally sourced collection ZIP files, ensuring analysts only apply files from trusted internal sources.
  • Validate or sanitize the hostname field in client_info.json before processing, ensuring no unescaped double quotes or newlines are allowed, to block injection attempts.
  • Apply additional system hardening measures such as setting the NullACLManager to a restricted role or eliminating it for user sessions so that even if VQL executes, it lacks broad privileges.

Generated by OpenCVE AI on June 9, 2026 at 02:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Title YAML Injection in Velociraptor Remapping Allows Arbitrary VQL Execution
First Time appeared Rapid7
Rapid7 velociraptor
Vendors & Products Rapid7
Rapid7 velociraptor

Tue, 09 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Description A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted collection ZIP can leverage literal double quotes and newlines in the hostname to break out of the YAML quoted string and inject a new mount remapping entry. When an analyst applies the generated remapping file with --remap, arbitrary VQL executes on their machine with NullACLManager (all permissions granted, unsandboxed).
Weaknesses CWE-116
CWE-74
CWE-94
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Rapid7 Velociraptor
cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-06-09T14:30:53.093Z

Reserved: 2026-05-17T23:31:05.101Z

Link: CVE-2026-8795

cve-icon Vulnrichment

Updated: 2026-06-09T14:30:49.776Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T01:16:47.470

Modified: 2026-06-09T13:49:39.993

Link: CVE-2026-8795

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T02:45:36Z

Weaknesses