Description
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.
Published: 2026-06-25
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The disclosed vulnerability is an OS command injection flaw in the Rapid7 InsightConnect Tcpdump Plugin on Linux. When an authenticated user supplies crafted options or filter parameters, the plugin concatenates them into a shell command without proper sanitization, allowing the execution of arbitrary OS commands. This flaw, classified as CWE-78, gives the attacker the ability to exfiltrate data, compromise system integrity, or disrupt services, effectively granting remote code execution on the machine running the InsightConnect engine.

Affected Systems

The issue affects installations of Rapid7 InsightConnect that include the Tcpdump Plugin on Linux platforms. No specific version numbers are listed in the advisory, so all current and older builds of the plugin may be vulnerable until a patch is released by Rapid7.

Risk and Exploitability

The CVSS score of 6 indicates moderate severity. No EPSS data is available, but the flaw requires authentication to the plugin and the ability to supply malicious parameters, so exploitation would likely be limited to compromised or privileged internal users. The vulnerability is not currently listed in CISA’s KEV catalog, suggesting no public exploits are known. Nevertheless, the potential for arbitrary command execution warrants prompt attention.

Generated by OpenCVE AI on June 25, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Rapid7 InsightConnect Tcpdump Plugin to a version that eliminates the vulnerable command concatenation or apply any vendor‑issued patch.
  • If an upgrade is not immediately possible, restrict plugin access to trusted administrators and enforce strict input validation or disable the options that allow arbitrary command execution.
  • Monitor the InsightConnect logs for abnormal command usage or unexpected plugin activity and investigate any suspicious events promptly.

Generated by OpenCVE AI on June 25, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Rapid7
Rapid7 insightconnect Tcpdump Plugin
Vendors & Products Rapid7
Rapid7 insightconnect Tcpdump Plugin

Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.
Title OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L'}


Subscriptions

Rapid7 Insightconnect Tcpdump Plugin
cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-06-25T13:27:43.194Z

Reserved: 2026-05-15T06:28:53.218Z

Link: CVE-2026-8658

cve-icon Vulnrichment

Updated: 2026-06-25T13:27:32.693Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:38:32Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')