Description
Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.
Published: 2026-06-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an arbitrary file write that occurs when an authenticated user supplies a crafted expression to the Sed Plugin in Rapid7 InsightConnect. By specifying an unchecked path in the expression parameter, the attacker can cause the plugin to create or overwrite files anywhere on the file system where the plugin process has write permission. The ability to write arbitrary content can be leveraged to replace critical binaries, inject malicious scripts, or modify configuration files, potentially leading to privilege escalation or remote code execution.

Affected Systems

The issue affects Rapid7 InsightConnect Sed Plugin deployed on Linux environments. No specific plugin or InsightConnect version ranges are listed in the advisory, so any installation of the Sed Plugin that has not been updated after the vulnerability was disclosed is potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.1 the flaw is considered Medium‑high severity. The EPSS score is not available, and the vulnerability is not yet cataloged in CISA KEV, indicating no known widespread exploitation. The attack vector requires the attacker to be authenticated against the InsightConnect platform and to have access to the Sed Plugin interface; therefore, the risk is bounded to users with legitimate credentials or compromised accounts. Until a vendor patch is released, mitigation hinges on restricting plugin access and system file permissions.

Generated by OpenCVE AI on June 25, 2026 at 01:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Rapid7 InsightConnect Sed Plugin update once released to fix the arbitrary file write.
  • If no update is available, restrict access to the Sed Plugin by limiting the user roles that can invoke it or disabling the extension altogether for untrusted users.
  • Implement system‑level write‑access controls (e.g., SELinux, AppArmor, or file ACLs) to prevent the plugin process from writing to sensitive directories.

Generated by OpenCVE AI on June 25, 2026 at 01:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Rapid7
Rapid7 insightconnect Sed Plugin
Vendors & Products Rapid7
Rapid7 insightconnect Sed Plugin

Thu, 25 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Description Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.
Title Arbitrary File Write in Rapid7 InsightConnect Sed Plugin
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}


Subscriptions

Rapid7 Insightconnect Sed Plugin
cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-06-25T12:36:51.431Z

Reserved: 2026-05-21T01:03:57.353Z

Link: CVE-2026-9154

cve-icon Vulnrichment

Updated: 2026-06-25T12:36:48.220Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:38:46Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')