GO-2026-5438

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2026-5438

Import Source

https://vuln.go.dev/ID/GO-2026-5438.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2026-5438

Aliases

CVE-2026-6290
GHSA-hv5g-26jg-pc45

Published

2026-06-25T22:34:31Z

Modified

2026-06-25T23:01:10.828917598Z

Summary

Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token in www.velocidex.com/golang/velociraptor

Details

Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token in www.velocidex.com/golang/velociraptor

Database specific

{
    "review_status": "UNREVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2026-5438"
}

References

Affected packages

Go / www.velocidex.com/golang/velociraptor

Package

Name: www.velocidex.com/golang/velociraptor; View open source insights on deps.dev
Purl: pkg:golang/www.velocidex.com/golang/velociraptor

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://vuln.go.dev/ID/GO-2026-5438.json"