HIGH | CVE-2026-8795 | CNA: rapid7

CVE-2026-8795: A YAML injection vulnerability exists in the Windows

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted collection ZIP can leverage literal double quotes and newlines in the hostname to break out of the YAML quoted string and inject a new mount remapping entry. When an analyst applies the generated remapping file with --remap, arbitrary VQL executes on their machine with NullACLManager (all permissions granted, unsandboxed).
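The escaping gap described above, shown as an added example (not Velociraptor's code): Go's text/template writes a value verbatim into a YAML double-quoted string, while JSON-encoding the same value keeps it a single scalar. The templates, key names and hostname are constructed for illustration, and the injected key is inert.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
	"text/template"
)

// Constructed YAML templates for illustration; not Velociraptor's artifact.
const unsafeTmpl = "host: \"{{.Hostname}}\"\nentries:\n- name: base\n"
const safeTmpl = "host: {{quote .Hostname}}\nentries:\n- name: base\n"

// quote JSON-encodes s; a JSON string is a valid YAML double-quoted scalar.
func quote(s string) (string, error) {
	b, err := json.Marshal(s)
	return string(b), err
}

// Render fills tmpl with hostname using text/template, which does no escaping.
func Render(tmpl, hostname string) (string, error) {
	t, err := template.New("remap").Funcs(template.FuncMap{"quote": quote}).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]string{"Hostname": hostname})
	return out.String(), err
}

// TopLevelKeys lists unindented "key:" names, a rough structural check.
func TopLevelKeys(doc string) []string {
	var keys []string
	for _, line := range strings.Split(doc, "\n") {
		if i := strings.Index(line, ":"); i > 0 && line[0] != ' ' && line[0] != '-' {
			keys = append(keys, line[:i])
		}
	}
	return keys
}

func main() {
	hostile := "lab-pc\"\ninjected_key: \"x" // constructed: literal quote and newline
	for _, tmpl := range []string{unsafeTmpl, safeTmpl} {
		doc, _ := Render(tmpl, hostile)
		fmt.Printf("%q -> keys %v\n", doc, TopLevelKeys(doc))
	}
}
```

The unescaped render gains a top-level key the template never contained; the JSON-quoted render keeps the template's structure and carries the quote and newline as escapes inside the scalar.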

Metrics

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 0.76.6
Affected Products: 1

HarborGuard Analysis

Synopsis

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The vulnerability is locally triggered and requires no prior authentication, but a victim analyst must open a crafted collection ZIP file. Successful exploitation causes arbitrary VQL to execute on the analyst's machine under NullACLManager, granting the attacker full, unsandboxed permissions equivalent to all-access on that host. A patched-image rebuild at version 0.76.6 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-8795 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle Velociraptor. Any image carrying a Velociraptor binary older than 0.76.6 is flagged automatically.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 7.8 HIGH and can weight that score against each customer environment's compliance policy to prioritize routing. Triage findings are routed to the appropriate team inbox within each customer org based on configured ownership rules.

Status: Available

Patch

A patched-image rebuild at Velociraptor 0.76.6 becomes available on HarborGuard once the fix version is confirmed in the advisory record. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Not required

    The attacker does not need network access to the target; exploitation is triggered locally when the victim opens a crafted collection ZIP file on their own machine.

  • Authentication: Not required

    No account or credentials on the target system are required; the attacker only needs to deliver a malicious ZIP to the analyst.

  • Victim interaction: Required

    An analyst must download and apply the crafted collection ZIP, including running Velociraptor with the --remap flag against the injected remapping file, for exploitation to succeed.

  • Attack complexity: Detail

    The exploit is reliable and condition-free once the malicious ZIP is opened; no race conditions, memory layout knowledge, or special environmental state is required.

Blast Radius

  • Arbitrary VQL executes on the analyst's workstation under NullACLManager, which grants all permissions with no sandboxing restrictions.
  • An attacker reads files, credentials, and secrets accessible to the analyst's user session on that machine.
  • An attacker writes or modifies files on the analyst's machine, including tools, configuration, and stored artifacts.
  • The attacker can crash or disrupt local processes, or use the unsandboxed execution context as a foothold for further lateral movement.

How HarborGuard Handles This

Available on HarborGuard: images containing Velociraptor versions below 0.76.6 are flagged as soon as the CVE record is ingested, typically within minutes of publication. A patched rebuild targeting version 0.76.6 is available for any image identified as affected. For customers with auto-remediation enabled, HarborGuard rebuilds the image, runs the regression test suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. For customers managing remediation manually, the HarborGuard findings dashboard surfaces the affected image layers and the exact Velociraptor binary path to accelerate triage. As a compensating control while remediation is in progress, analysts should avoid applying remapping files generated from untrusted or externally sourced collection ZIPs, and network-policy isolation can limit the blast radius if a workstation is compromised.

Fix available: 0.76.6

Affected packages
  • Rapid7 / Velociraptor
    < 0.76.6 (from 0)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H