Description
OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.
Published: 2026-06-25
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an OS command injection flaw in the process_string action of the Rapid7 InsightConnect AWK Plugin. An attacker that can supply the text or expression parameters can cause the plugin to assemble and run an unsafe shell command, allowing the execution of arbitrary commands on the host. This provides remote code execution that could compromise the confidentiality, integrity, or availability of any services running on the affected system.

Affected Systems

Rapid7 InsightConnect AWK Plugin installed on Linux systems. All current releases of the plugin that have not been updated with a vendor patch are considered vulnerable; no specific version bounds were supplied by the vendor.

Risk and Exploitability

The CVSS score of 7.7 indicates high severity, but no EPSS score is available, so the likelihood of exploitation is uncertain. The flaw is not included in CISA’s KEV catalog. Attackers can exploit the vulnerability by sending crafted payloads that trigger the process_string action, which will invoke the underlying shell without proper sanitization, permitting arbitrary command execution.

Generated by OpenCVE AI on June 25, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Rapid7 InsightConnect AWK Plugin to a version that removes unsafe shell command construction.
  • If an update cannot be applied immediately, restrict usage of the process_string action to trusted users or disable the AWK Plugin until a fix is available.
  • Apply least privilege by ensuring that only privileged accounts can configure or invoke the AWK Plugin, preventing attackers from exploiting it.

Generated by OpenCVE AI on June 25, 2026 at 02:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Description OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.
Title OS Command Injection in Rapid7 InsightConnect AWK Plugin
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-06-25T13:38:34.797Z

Reserved: 2026-05-14T08:24:20.479Z

Link: CVE-2026-8592

cve-icon Vulnrichment

Updated: 2026-06-25T13:36:00.277Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T02:30:15Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')