Published on 2026-06-04
A YAML injection vulnerability in the Windows.Collectors.Remapping artifact allows an attacker who supplies a crafted collection ZIP to execute arbitrary VQL on the analyst's machine. The hostname field in client_info.json inside the ZIP is inserted into a YAML template via Go's text/template without any YAML escaping. By embedding a literal " followed by newlines in the hostname, an attacker breaks out of the YAML quoted string and injects a new mount remapping entry whose scope field contains VQL that executes with NullACLManager (all permissions granted, no sandboxing) when the analyst applies the generated remapping file with --remap.
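The following Go snippet is an added illustration, not code from the Velociraptor project: it reproduces the template pattern the advisory describes against a constructed, simplified remapping template, showing the unsafe rendering (hostname pasted between literal quotes) beside a hardened one (the scalar emitted through a JSON-style escaper) plus a hostname validator as a second layer. The template text, field names and payload string are assumptions for the example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// Constructed stand-ins for the generated remapping file (not the artifact's real
// template). The hostname comes from client_info.json in the untrusted ZIP.
// unsafeTmpl pastes it between literal quotes; safeTmpl lets yamlq build the scalar.
const unsafeTmpl = "remappings:\n- type: impersonation\n  hostname: \"{{ .Hostname }}\"\n"
const safeTmpl = "remappings:\n- type: impersonation\n  hostname: {{ yamlq .Hostname }}\n"

// yamlq emits a double-quoted flow scalar via json.Marshal: a JSON string literal is
// a valid YAML double-quoted scalar, so embedded quotes and newlines are escaped.
func yamlq(s string) (string, error) {
	b, err := json.Marshal(s)
	return string(b), err
}

func render(tmpl, hostname string) (string, error) {
	t, err := template.New("remap").Funcs(template.FuncMap{"yamlq": yamlq}).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]string{"Hostname": hostname})
	return out.String(), err
}

// countEntries counts top-level entries: an injected entry is an extra "- type:" line.
func countEntries(y string) int { return strings.Count(y, "\n- type:") }

// Independent second layer: reject hostnames with quotes or line breaks up front.
var validHostname = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$`)

func main() {
	// Payload in the shape the advisory describes: a quote closes the scalar and
	// newlines carry a second entry. The scope here is a placeholder, not VQL.
	evil := "WS01\"\n- type: mount\n  scope: \"INJECTED"
	u, _ := render(unsafeTmpl, evil)
	s, _ := render(safeTmpl, evil)
	fmt.Printf("unsafe: %d entries\n%s\nsafe: %d entries\n%s\nvalid hostname: %v\n",
		countEntries(u), u, countEntries(s), s, validHostname.MatchString(evil))
}
```

Running it shows the unsafe output parsing as two remapping entries while the escaped output keeps the whole payload inside a single quoted hostname.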
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-116: Improper Encoding or Escaping of Output
- CAPEC-549: Local Execution of Code
| Product | Affected |
|---|---|
| Rapid7 Velociraptor on Linux (source repo; default status is unaffected) | before 0.76.6 |
We thank Artificial Intelligence for identifying and reporting this issue responsibly.
This vulnerability only affects users who use remapping to operate directly on offline collections. This usage typically uses the Windows.Collectors.Remapping artifact to generate a remapping file and then uses that remapping file to collect artifacts directly on the offline collection file. This is a very niche use case and not a common processing pipeline.
To mitigate this issue, upgrade the server to version 0.76.6 or copy the latest Windows.Collectors.Remapping artifact from the latest release into the config file.