Skip to main content
CVE Vulnerability Database

CVE-2026-8795: Rapid7 Velociraptor YAML Injection RCE

CVE-2026-8795 is a YAML injection vulnerability in Rapid7 Velociraptor that enables remote code execution through crafted collection ZIPs. This post covers the technical details, affected versions, and mitigation steps.

Published:

CVE-2026-8795 Overview

CVE-2026-8795 is a YAML injection vulnerability in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The flaw resides in how the artifact handles the hostname field from client_info.json inside a collection ZIP archive. Velociraptor inserts this field into a YAML template using Go's text/template package without escaping. An attacker who supplies a crafted collection ZIP can inject arbitrary YAML content, including a malicious mount remapping entry. When an analyst applies the generated remapping file with the --remap flag, arbitrary Velociraptor Query Language (VQL) executes with NullACLManager, granting all permissions in an unsandboxed context. This vulnerability is categorized under [CWE-74].

Critical Impact

A crafted collection ZIP can achieve arbitrary VQL execution on an analyst's workstation with full permissions, enabling code execution during forensic triage workflows.

Affected Products

  • Rapid7 Velociraptor versions prior to 0.76.6
  • The Windows.Collectors.Remapping artifact
  • Analyst workstations processing untrusted collection ZIPs with --remap

Discovery Timeline

  • 2026-06-09 - CVE-2026-8795 published to NVD
  • 2026-06-09 - Last updated in NVD database

Technical Details for CVE-2026-8795

Vulnerability Analysis

Velociraptor is a digital forensics and incident response (DFIR) tool that collects evidence from endpoints. The Windows.Collectors.Remapping artifact generates a remapping configuration file from the contents of a collection ZIP. During this process, Velociraptor reads client_info.json and inserts the hostname value into a YAML template using Go's text/template package. The template engine performs no YAML-aware escaping on the inserted value.

An attacker who controls the collection ZIP can supply a hostname containing literal double quotes and newline characters. These characters terminate the YAML quoted string and allow the attacker to introduce arbitrary YAML structure, including a new mount remapping entry that executes attacker-controlled VQL.

Root Cause

The root cause is missing context-aware output encoding for untrusted input embedded in a structured data format. Go's text/template is not YAML-aware and does not escape control characters or quote delimiters. Combining unescaped templating with attacker-influenced input from client_info.json produces a classic injection primitive against the generated configuration file.

Attack Vector

Exploitation requires the attacker to craft a malicious collection ZIP and convince an analyst to process it with the Windows.Collectors.Remapping artifact, then apply the generated remapping with --remap. When the remapping file is loaded, VQL execution proceeds under NullACLManager, which grants all permissions and bypasses Velociraptor's sandboxing. The result is arbitrary code execution on the analyst's machine in the security context of the Velociraptor binary.

No verified public exploit code is available. Refer to the Velociraptor Security Advisory for technical details from the vendor.

Detection Methods for CVE-2026-8795

Indicators of Compromise

  • Collection ZIP archives containing a client_info.json file with a hostname value that includes double quotes, newline characters, or YAML control syntax.
  • Generated remapping YAML files containing unexpected mount entries or VQL expressions not produced by the standard artifact template.
  • Unexpected child processes spawned by the Velociraptor binary on analyst workstations shortly after --remap invocation.

Detection Strategies

  • Inspect client_info.json inside any collection ZIP before processing, validating that hostname matches expected hostname character classes.
  • Diff generated remapping files against the canonical artifact template to identify injected YAML keys or VQL fragments.
  • Hunt for Velociraptor process executions on analyst hosts that produce uncommon child processes such as cmd.exe, powershell.exe, or network utilities.

Monitoring Recommendations

  • Log all invocations of Velociraptor with the --remap argument and capture the source ZIP path.
  • Track the provenance of collection ZIPs, especially those received from third parties or external incident response engagements.
  • Alert on Velociraptor binary executions that occur outside scheduled collection windows on analyst endpoints.

How to Mitigate CVE-2026-8795

Immediate Actions Required

  • Upgrade Velociraptor to version 0.76.6 or later on all analyst workstations and tooling hosts.
  • Avoid running the Windows.Collectors.Remapping artifact against any untrusted or externally sourced collection ZIP until patched.
  • Audit recent uses of --remap to confirm the source ZIP and generated configuration are trusted.

Patch Information

Rapid7 has released Velociraptor 0.76.6, which addresses the YAML injection by properly escaping the hostname field before it is rendered into the remapping template. Review the Velociraptor Security Advisory for the official fix details and upgrade guidance.

Workarounds

  • Manually inspect client_info.json inside collection ZIPs and sanitize or reject any hostname containing quotes, newlines, or YAML metacharacters before remapping.
  • Review generated remapping YAML files for unexpected mount entries or VQL content prior to applying them with --remap.
  • Run Velociraptor analyst tooling on isolated, least-privilege workstations to limit blast radius if exploitation occurs.
bash
# Configuration example
# Verify installed Velociraptor version and upgrade if below 0.76.6
velociraptor version

# Inspect hostname field in a collection ZIP before processing
unzip -p collection.zip client_info.json | jq -r '.hostname'

# Only apply --remap against files generated from validated sources
velociraptor --remap /path/to/validated/remapping.yaml query "SELECT * FROM info()"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.