What is CVE-2026-5329?

CVE-2026-5329 is a high-severity vulnerability in Rapid7 Velociraptor, classified under Improper Input Validation. CVSS score: 8.5/10. Published 2026-04-09.

How severe is CVE-2026-5329?

High severity. CVSS v3 base score is 8.5 out of 10.

Improper input validation in Rapid7 Velociraptor

CVE-2026-5329

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (27.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Rapid7 Velociraptor — versions 0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@rapid7.com (Vendor Advisory)

Frequently asked questions

What is CVE-2026-5329?: CVE-2026-5329 is a high-severity vulnerability in Rapid7 Velociraptor, classified under Improper Input Validation. CVSS score: 8.5/10. Published 2026-04-09.
How severe is CVE-2026-5329?: High severity. CVSS v3 base score is 8.5 out of 10.