CVE-2026-6948

MEDIUM NVD

CVSS Score 4.9

Severity MEDIUM

Published May 04, 2026

Vendor unknown

Description

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory (OOM) by sending crafted messages through the normal client communication channel.

References

https://docs.velociraptor.app/announcements/advisories/cve-2026-6948/