Description
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
Published: 2026-06-25
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Rapid7 InsightConnect Sed Plugin for Linux contains an OS command injection flaw that allows an authenticated user to run arbitrary operating system commands by providing unsanitized input to the expression parameter. The vulnerability stems from insufficient input validation, enabling direct exploitation of the underlying shell. If leveraged, an attacker can gain full control of the host machine, compromising all data and services running on that system.

Affected Systems

The issue affects the Rapid7 InsightConnect Sed Plugin on Linux installations. Any organization using this plugin with authenticated users should consider it vulnerable; specific version details are not listed in the CNA data.

Risk and Exploitability

With a CVSS score of 8.8 the flaw is considered high severity. The EPSS score is not available, so exploitation likelihood cannot be quantified, but the lack of a KEV listing indicates no publicly known exploits have been reported. The attack vector requires authentication to the plugin, suggesting that internal threat actors or compromised credential holders can exploit this weakness. The impact is remote code execution over the system running the plugin, potentially leading to data loss, persistence, or further foothold.

Generated by OpenCVE AI on June 25, 2026 at 01:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Rapid7 InsightConnect Sed Plugin to the latest released version that contains the fix for this command injection vulnerability.
  • Restrict or disable the Sed Plugin for users who do not require it, limiting the exposed attack surface.
  • If an immediate update is not possible, enforce strict input validation on the "expression" parameter by sanitizing input or restricting it to an allowed set of commands or regular expressions.

Generated by OpenCVE AI on June 25, 2026 at 01:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Rapid7
Rapid7 insightconnect Sed Plugin
Vendors & Products Rapid7
Rapid7 insightconnect Sed Plugin

Thu, 25 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Description OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
Title OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Rapid7 Insightconnect Sed Plugin
cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-06-25T12:38:23.764Z

Reserved: 2026-05-21T01:03:59.132Z

Link: CVE-2026-9155

cve-icon Vulnrichment

Updated: 2026-06-25T12:38:20.923Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:38:48Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')