CVE-2026-7572: Velocidex Velociraptor has an off-by-one error

May 6, 2026 (updated May 11, 2026)

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.

References

docs.velociraptor.app/announcements/advisories/cve-2026-7572
github.com/advisories/GHSA-6cmp-qv2f-x97x
nvd.nist.gov/vuln/detail/CVE-2026-7572

Code Behaviors & Features

Detect and mitigate CVE-2026-7572 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →