Rapid7 Velociraptor < 0.75.8 / 0.76.x < 0.76.3 Incorrect Authorization (CVE-2026-6290)

high Nessus Plugin ID 307355

Synopsis

An application installed on the remote host is affected by an incorrect authorization vulnerability.

Description

The version of Rapid7 Velociraptor installed on the remote host is prior to 0.75.8, or is a 0.76.x release prior to 0.76.3. It is, therefore, affected by an incorrect authorization vulnerability:

- Velociraptor contains a vulnerability in the query() plugin, which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access to one org to use the query() plugin in a notebook cell to run VQL queries against other orgs to which they may not have access. The user's permissions in the other org are the same as the permissions they have in the org containing the notebook. (CVE-2026-6290)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Rapid7 Velociraptor version 0.75.8 or later, or, for the 0.76.x branch, version 0.76.3 or later.

See Also

https://docs.velociraptor.app/announcements/advisories/cve-2026-6290/

Plugin Details

Severity: High

ID: 307355

File Name: rapid7_velociraptor_CVE-2026-6290.nasl

Version: 1.1

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 4/17/2026

Updated: 4/17/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:H/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2026-6290

CVSS v3

Risk Factor: High

Base Score: 8

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v4

Risk Factor: High

Base Score: 8.9

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Vulnerability Information

CPE: cpe:/a:rapid7:velociraptor

Required KB Items: installed_sw/Rapid7 Velociraptor

Patch Publication Date: 4/8/2026

Vulnerability Publication Date: 4/8/2026

Reference Information

CVE: CVE-2026-6290