CVE-2026-7572 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2026-7572

Analyzed

More Info Official Page

Source-cve@rapid7.com

Published At-06 May, 2026 | 03:15

Updated At-01 Jun, 2026 | 16:59

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Primary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 4.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Type: Primary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CPE Matches

>>velociraptor>>Versions before 0.76.5(exclusive)

cpe:2.3:a:rapid7:velociraptor:*:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-193	Secondary	cve@rapid7.com

CWE ID: CWE-193

Type: Secondary

Source: cve@rapid7.com

References

Hyperlink	Source	Resource
https://docs.velociraptor.app/announcements/advisories/cve-2026-7572/	cve@rapid7.com	Vendor Advisory

Hyperlink: https://docs.velociraptor.app/announcements/advisories/cve-2026-7572/

Source: cve@rapid7.com

Resource:

Vendor Advisory