Issuer: Adverse Trace
Date issued: 2026-06-09
Version: 1.0
1. Executive summary
A critical YAML injection vulnerability (CVE-2026-8795) affects Rapid7 Velociraptor versions prior to 0.76.6, specifically within the Windows.Collectors.Remapping artifact. The vulnerability arises because the hostname field in client_info.json is inserted into a YAML template via Go's text/template without proper escaping, allowing an attacker to inject arbitrary VQL commands. If an analyst processes a malicious collection ZIP using the --remap flag, the injected code executes with NullACLManager privileges, granting full, unsandboxed access to the analyst's workstation. For EMEA financial services, this presents a severe supply-chain and insider-threat risk where compromised forensic data can pivot to compromise the incident response infrastructure itself.
2. Regulatory framing
| Regulation | Article | Practical Impact for Financial Entities |
|---|---|---|
| DORA | Art. 17 | Requires immediate classification of this incident as a "major" ICT-related incident if exploitation leads to unauthorized data access or system compromise, triggering strict reporting timelines to competent authorities. |
| DORA | Art. 19 | Mandates the implementation of specific patching procedures for the Velociraptor platform; failure to upgrade to v0.76.6+ constitutes a gap in the ICT risk management framework. |
| DORA | Art. 28-30 | Highlights third-party risk; financial entities using Velociraptor must verify their vendor's remediation status and ensure their own usage of the --remap function adheres to strict input validation policies. |
| NIS2 | Art. 21(2)(d) | Obliges entities to implement policies for vulnerability handling and disclosure; the use of unescaped user input in core tooling violates basic supply chain security requirements. |
| NIS2 | Art. 23 | Requires entities to assess the impact of this vulnerability on their essential services and report any successful exploitation that disrupts service availability or integrity. |
3. Attack chain
- Preparation: An attacker creates a malicious ZIP file containing a crafted client_info.json.
- Injection: The attacker manipulates the hostname field within the JSON to include literal double quotes and newlines, breaking the YAML quoted string context.
- Delivery: The malicious ZIP is introduced to the environment (e.g., uploaded as a purported forensic collection from a compromised endpoint or provided by a threat actor posing as a partner).
- Trigger: A security analyst or automated process executes the Velociraptor remapping function using the --remap flag against the malicious collection.
- Execution: The unsanitized hostname injects a new mount remapping entry, causing arbitrary VQL (Velociraptor Query Language) to execute on the analyst's machine.
- Privilege Escalation: The injected VQL runs under NullACLManager, bypassing all permission checks and sandboxing.
Unconfirmed steps: The specific mechanism by which the malicious ZIP is initially delivered to the analyst (e.g., phishing email vs. compromised endpoint ingestion) is not specified in the source material and depends on the specific operational context of the victim organization. Attribution of any active exploitation campaigns is currently unknown.
4. Mitigation & containment
P1 (Within 24h): Operational Containment
- Disable Remapping: Immediately cease usage of the --remap flag in all Velociraptor workflows until validation is complete.
- Input Validation: Implement a gateway check or manual review process for any client_info.json files before they are processed by Velociraptor instances. Look for newlines (\n) or unescaped quotes within the hostname field.
- Isolate Analyst Workstations: If --remap has been used on untrusted collections in the last 30 days, isolate those analyst workstations for forensic review, assuming potential full compromise.
P2 (Within 72h): Remediation
- Upgrade Vendor Tool: Upgrade Rapid7 Velociraptor to version 0.76.6 or later immediately. This version contains the fix for the YAML injection.
- Command (Linux/Systemd): systemctl stop velociraptor && apt-get install velociraptor=0.76.6 && systemctl start velociraptor (adjust for your package manager).
- Command (Windows): Download the latest MSI from the official Rapid7/Velociraptor release page and execute it with administrative privileges.
- Version Pinning: Enforce version pinning in deployment scripts to prevent rollback to vulnerable versions (< 0.76.6).
P3 (Within 7 days): Process Hardening
- Policy Update: Update Incident Response playbooks to explicitly forbid the use of --remap on collections from unverified or low-trust sources.
- Supply Chain Review: Audit all third-party forensic and DFIR tools for similar template injection vulnerabilities where user-controlled data is merged into configuration files.
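One way to implement the P1 gateway check before any collection reaches --remap, written here as an added example (not Velociraptor's own code and not part of the advisory): it rejects a collection ZIP whose client_info.json carries a hostname containing newlines, quotes or backslashes, or that is not a valid RFC 1123 name. It assumes the JSON key is spelled `hostname`, as the YARA rule in section 6 does, and that the file may sit at any path inside the ZIP.

```python
import json
import re
import sys
import zipfile

# Only RFC 1123 host names pass. A quote, backslash or CR/LF could close the
# YAML double-quoted scalar that the remapping template writes the hostname into.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def check_client_info(raw: bytes) -> "str | None":
    """Return None when the hostname is safe, otherwise a short finding."""
    # The key name "hostname" is assumed, matching the advisory's YARA rule.
    try:
        info = json.loads(raw)
    except (ValueError, UnicodeDecodeError) as exc:
        return f"invalid JSON: {exc}"
    host = info.get("hostname") if isinstance(info, dict) else None
    if not isinstance(host, str):
        return "hostname missing or not a string"
    if "\n" in host or "\r" in host:
        return "newline in hostname (YAML line breakout)"
    if '"' in host or "\\" in host:
        return "quote or backslash in hostname (quoted-scalar breakout)"
    if not HOSTNAME_RE.match(host):
        return "hostname is not a valid RFC 1123 name"
    return None


def check_collection_zip(path: str) -> "list[str]":
    """Check every client_info.json in a collection ZIP; non-empty means reject."""
    findings = []
    with zipfile.ZipFile(path) as zf:
        for name in zf.namelist():
            if name.endswith("client_info.json"):
                finding = check_client_info(zf.read(name))
                if finding:
                    findings.append(f"{name}: {finding}")
    return findings


if __name__ == "__main__":
    # Usage: python remap_gate.py collection.zip ; a non-zero exit blocks --remap.
    problems = check_collection_zip(sys.argv[1])
    for problem in problems:
        print("REJECT", problem)
    sys.exit(1 if problems else 0)
```

A collection that fails the check should be quarantined for manual review rather than fixed up in place, since a hostname that needed cleaning is itself the indicator described in section 5.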
5. Indicators of compromise
No specific file hashes, domains, or IP addresses associated with active exploitation are available in the source material. The indicator is the presence of a specific malformed structure within a legitimate file type.
| Indicator | Value |
|---|---|
| Filename | client_info.json |
| Field name | hostname |
| Flag | --remap |
| Version affected | < 0.76.6 |
6. Detection
The following rules detect the specific conditions required for exploitation: the use of the vulnerable flag and the presence of newline characters within the hostname field of a JSON file. The YARA rule inspects file content; the Sigma rule inspects process creation events.

YARA rule (file content):

```yara
rule Velociraptor_YAML_Injection_Attempt {
    meta:
        author = "Adverse Trace"
        date = "2026-06-09"
        reference = "https://github.com/advisories/GHSA-6jwp-vhch-qjpr"
        description = "Detects potential YAML injection payload in client_info.json hostname field targeting Velociraptor"
        cve = "CVE-2026-8795"
    strings:
        $json_key = "\"hostname\"" ascii
        $newline_injection = "\"\n" ascii
        $breakout = "\"\n " ascii // Typical YAML breakout pattern
        // A newline inside a JSON string value is normally written as the escape \n,
        // so also match the escaped form: backslash, quote, backslash, n
        $escaped_breakout = "\\\"\\n" ascii
    condition:
        // "filename" is an external variable; supply it at scan time with
        // yara -d filename=<path> <rule file> <path>
        filename matches /client_info\.json$/ and $json_key and
        ($newline_injection or $breakout or $escaped_breakout)
}
```
Sigma rule (process creation):

```yaml
title: Velociraptor Remap Flag Usage
id: 9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d
status: experimental
description: Detects execution of Velociraptor with the --remap flag, which triggers the vulnerable code path in versions < 0.76.6.
author: Adverse Trace
date: 2026/06/09
references:
  - https://github.com/advisories/GHSA-6jwp-vhch-qjpr
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    Image|endswith: '\velociraptor.exe'
    CommandLine|contains: '--remap'
  condition: selection
level: high
tags:
  - attack.execution
  - cve.2026.8795
```
7. Sources
- GitHub Advisory Database, "A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7...", https://github.com/advisories/GHSA-6jwp-vhch-qjpr, 2026-06-09.
- National Vulnerability Database, "CVE-2026-8795", https://github.com/advisories/GHSA-6jwp-vhch-qjpr, 2026-06-09.
8. Adverse Trace position
We assess the severity of CVE-2026-8795 as High for any EMEA financial institution utilizing Rapid7 Velociraptor versions prior to 0.76.6 for incident response or threat hunting. The risk is compounded by the fact that exploitation results in NullACLManager privileges, effectively handing an attacker the keys to the analyst's workstation and potentially the broader Velociraptor cluster if network segmentation is weak. While no active exploitation in the wild has been confirmed in the source material, the simplicity of the exploit (crafting a JSON file) makes it highly weaponizable. Our team will monitor threat intelligence feeds for signs of weaponization and assist clients in validating their Velociraptor deployment versions and remapping workflows.
Published via PulseTrace — Adverse Trace threat intelligence.