CVE-2026-7572 PUBLISHED

Velociraptor EVTX Parser — Process Crash via Crafted .evtx File

Assigner: rapid7
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx VQL plugin.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVSS Score: 4.4

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Velocidex
Product	velociraptor
Versions	Default: unaffected affected from 0 to 0.76.5 (excl.)

References

https://docs.velociraptor.app/announcements/advisories/cve-2026-7572/

Problem Types

CWE-193: Off-by-one Error CWE

Impacts

CAPEC-617 Cellular Rogue Base Station