CVE-2026-6863— Velociraptor 安全漏洞

HTTP Filestore Endpoints Misapply Permissions Across Organizations

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit permissions in the target org. However, the problem does not occur in reverse - a user with read access to a sub org is unable to read from other org or the root org.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

授权机制不正确

Velociraptor 安全漏洞

Velociraptor是Velocidex开源的一种使用 Velociraptor 查询语言（VQL）查询收集基于主机的状态信息的工具。 Velociraptor 0.76.4之前版本存在安全漏洞，该漏洞源于HTTP API中存在跨组织授权绕过，可能导致具有根组织读取者角色的用户读取其他组织的文件。

N/A

N/A