CVE-2026-6290
Published: 15 April 2026
Summary
CVE-2026-6290 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Rapid7 Velociraptor. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The CVE ranks at the 12.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly mandates enforcement of approved authorizations for logical access, preventing cross-org data access via the flawed query() plugin using the user's ACL token.
- AC-25 (Reference Monitor): requires a tamper-resistant reference monitor to mediate all accesses to security-critical resources, addressing the query() plugin's failure to enforce org-specific isolation.
- Flaw remediation: ensures timely identification, reporting, and patching of the specific authorization flaw in the query() plugin, as fixed in Velociraptor 0.76.3.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows an authenticated GUI user to leverage their existing ACL token to bypass org isolation and execute VQL queries against other organizations, directly facilitating abuse of valid accounts and application access tokens to access unauthorized resources and data.
NVD Description
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org to use the query() plugin, in a notebook cell, to run VQL queries on other orgs which they may not have access to. The user's permissions in the other org are the same as the permissions they have in the org containing the notebook.
Deeper analysis
CVE-2026-6290 is a vulnerability in Velociraptor versions prior to 0.76.3, affecting the query() plugin. This flaw enables unauthorized access across organizations (orgs) by leveraging the user's current Access Control List (ACL) token. Specifically, it allows an authenticated GUI user with permissions in one org to execute Velociraptor Query Language (VQL) queries on other orgs via the query() plugin in a notebook cell, bypassing intended org isolation. The issue is classified under CWE-863 (Incorrect Authorization) with a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts under certain conditions.
An attacker must be an authenticated GUI user with existing access to at least one org. Exploitation occurs by inserting the query() plugin into a notebook cell within that org, allowing VQL queries to target and access data from other orgs without explicit permissions there. The permissions applied in the targeted orgs mirror those of the user in the notebook's originating org, potentially enabling broad data exfiltration, modification, or other actions depending on the user's privileges. The attack requires high privileges (PR:H) and high attack complexity (AC:H), but achieves scope change (S:C) for network-based exploitation without user interaction.
The official advisory at https://docs.velociraptor.app/announcements/advisories/cve-2026-6290/ details mitigation steps, with Velociraptor 0.76.3 and later versions addressing the issue by fixing the query() plugin's org scoping. Security practitioners should upgrade affected deployments immediately and review ACL configurations across multi-org environments to prevent lateral movement risks.
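To make the CWE-863 pattern concrete, the Go model below is an added illustration, not Velociraptor's code: it contrasts a query() that reuses the notebook's ACL token for any target org (the behaviour the advisory describes) with one that resolves the user's permissions in the target org itself (what the 0.76.3 org-scoping fix implies). Every name in it (Server, ACLToken, QueryVulnerable, QueryFixed, the org and user names) is hypothetical and the grants are constructed sample data.

```go
package main

import "fmt"

// Permission is one ACL right in this simplified model (hypothetical, not
// Velociraptor's real ACL code).
type Permission string

const ReadResults Permission = "READ_RESULTS"

// ACLToken models a user's ACL token: who they are, which org it was issued in,
// and the permissions they hold in that org.
type ACLToken struct {
	User, Org string
	Perms     map[Permission]bool
}

// Server holds per-org grants: org -> user -> permissions (constructed sample data).
type Server struct {
	Grants map[string]map[string]map[Permission]bool
}

// IssueToken builds the token a GUI session gets for the org it is logged into.
func (s *Server) IssueToken(user, org string) ACLToken {
	return ACLToken{User: user, Org: org, Perms: s.Grants[org][user]}
}

// QueryVulnerable models the pre-0.76.3 behaviour: query() reuses the notebook's
// token for whatever org is targeted, so org-a rights are applied to org-b.
func (s *Server) QueryVulnerable(tok ACLToken, targetOrg string, need Permission) bool {
	return tok.Perms[need] // targetOrg is never consulted: the CWE-863 flaw
}

// QueryFixed models the 0.76.3 behaviour: the permission is resolved against the
// target org's own ACL for this user, so cross-org access needs a cross-org grant.
func (s *Server) QueryFixed(tok ACLToken, targetOrg string, need Permission) bool {
	return s.Grants[targetOrg][tok.User][need] // missing org/user reads as false
}

// SampleServer is constructed data: alice has READ_RESULTS in org-a only.
func SampleServer() *Server {
	return &Server{Grants: map[string]map[string]map[Permission]bool{
		"org-a": {"alice": {ReadResults: true}},
		"org-b": {"bob": {ReadResults: true}},
	}}
}

func main() {
	s := SampleServer()
	tok := s.IssueToken("alice", "org-a")
	fmt.Println("vulnerable, org-b:", s.QueryVulnerable(tok, "org-b", ReadResults)) // true
	fmt.Println("fixed, org-b:", s.QueryFixed(tok, "org-b", ReadResults))           // false
	fmt.Println("fixed, org-a:", s.QueryFixed(tok, "org-a", ReadResults))           // true
}
```

The same lookup-by-target-org discipline is the check to look for when reviewing any multi-tenant plugin that accepts an org identifier as a parameter.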
Details
- CWE(s)