Description
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.
Published: 2026-06-25
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The disclosed vulnerability is an OS command injection flaw in the Rapid7 InsightConnect Tcpdump Plugin on Linux. When an authenticated user supplies crafted options or filter parameters, the plugin concatenates them into a shell command without proper sanitization, allowing the execution of arbitrary OS commands. This flaw, classified as CWE-78, gives the attacker the ability to exfiltrate data, compromise system integrity, or disrupt services, effectively granting remote code execution on the machine running the InsightConnect engine.

Affected Systems

The issue affects installations of Rapid7 InsightConnect that include the Tcpdump Plugin on Linux platforms. No specific version numbers are listed in the advisory, so all current and older builds of the plugin may be vulnerable until a patch is released by Rapid7.

Risk and Exploitability

The CVSS score of 6 indicates moderate severity. No EPSS data is available, but the flaw requires authentication to the plugin and the ability to supply malicious parameters, so exploitation would likely be limited to compromised or privileged internal users. The vulnerability is not currently listed in CISA’s KEV catalog, suggesting no public exploits are known. Nevertheless, the potential for arbitrary command execution warrants prompt attention.

Generated by OpenCVE AI on June 25, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Rapid7 InsightConnect Tcpdump Plugin to a version that eliminates the vulnerable command concatenation or apply any vendor‑issued patch.
  • If an upgrade is not immediately possible, restrict plugin access to trusted administrators and enforce strict input validation or disable the options that allow arbitrary command execution.
  • Monitor the InsightConnect logs for abnormal command usage or unexpected plugin activity and investigate any suspicious events promptly.

Generated by OpenCVE AI on June 25, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.
Title OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-06-25T01:56:51.568Z

Reserved: 2026-05-15T06:28:53.218Z

Link: CVE-2026-8658

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T03:30:17Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')