Description
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
Published: 2026-06-25
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Rapid7 InsightConnect Sed Plugin for Linux contains an OS command injection flaw that allows an authenticated user to run arbitrary operating system commands by supplying unsanitized input in the expression parameter. Because the parameter is not sufficiently validated, its contents reach the underlying shell and are interpreted as shell syntax. If leveraged, an attacker can gain full control of the host machine, compromising all data and services running on that system.

Affected Systems

The issue affects the Rapid7 InsightConnect Sed Plugin on Linux installations. Any organization using this plugin with authenticated users should consider it vulnerable; specific version details are not listed in the CNA data.

Risk and Exploitability

With a CVSS score of 8.8 the flaw is rated high severity. No EPSS score is available, so exploitation likelihood cannot be quantified, and the absence of a KEV listing means no in-the-wild exploitation has been recorded. The CVSS vector (AV:N/PR:L/UI:N) describes a network-reachable flaw that needs only low-privilege authenticated access to the plugin and no user interaction, so internal threat actors or holders of compromised credentials are the likely exploiters. The impact is remote code execution on the system running the plugin, potentially leading to data loss, persistence, or a further foothold.

Generated by OpenCVE AI on June 25, 2026 at 01:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Rapid7 InsightConnect Sed Plugin to the latest released version that contains the fix for this command injection vulnerability.
  • Restrict or disable the Sed Plugin for users who do not require it, limiting the exposed attack surface.
  • If an immediate update is not possible, enforce strict input validation on the "expression" parameter by sanitizing input or restricting it to an allowed set of commands or regular expressions.
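
The third action above is the generic defence for CWE-78: never let the expression be parsed by a shell, and constrain what it may contain. The following Python is an added illustration written for this page; it is not the Rapid7 plugin's code, and the function names (unsafe_sed_command, validate_expression, build_sed_argv, run_sed) and the validation rules are assumptions made for the example. It relies on two real mechanisms: passing the expression as a single argv element to subprocess without shell=True, and the --sandbox option of GNU sed (4.3 and later; not present in BSD/macOS sed), which rejects the e, r and w commands that can run programs or touch files even when no shell is involved.

```python
"""Hardened sed wrapper: a constructed example of neutralising CWE-78.

Not the Rapid7 InsightConnect plugin's code. Names and policy here are
assumptions made for this illustration.
"""
import subprocess
from typing import List


def unsafe_sed_command(expression: str) -> str:
    """The vulnerable shape (the 'before' picture, never to be executed on
    untrusted input): the expression is interpolated into a shell command
    line, so any shell metacharacter it contains becomes shell syntax."""
    return f"sed -e '{expression}'"


def validate_expression(expression: str) -> str:
    """Reject values that cannot be a legitimate single-line sed script.

    Because no shell is involved downstream, characters such as ';' or '|'
    are inert, so the checks target what would still be dangerous:
    empty scripts, NUL bytes (cannot cross execve), control characters and
    newlines (multi-line scripts widen the surface), and oversized input.
    Assumed policy for this example; tighten it to the plugin's needs."""
    if not expression or not expression.strip():
        raise ValueError("expression must not be empty")
    if "\x00" in expression:
        raise ValueError("expression must not contain NUL bytes")
    if any(ord(c) < 0x20 for c in expression):
        raise ValueError("expression must not contain control characters")
    if len(expression) > 4096:
        raise ValueError("expression is unreasonably long")
    return expression


def build_sed_argv(expression: str, extended_regex: bool = False) -> List[str]:
    """Build argv for sed. The expression is one argv element after '-e',
    so it is handed to sed verbatim and never parsed by a shell. GNU sed's
    --sandbox additionally refuses the e/r/w commands."""
    argv = ["sed", "--sandbox"]
    if extended_regex:
        argv.append("-E")
    argv += ["-e", validate_expression(expression)]
    return argv


def run_sed(expression: str, text: str, timeout: float = 10.0) -> str:
    """Run sed over text supplied on stdin, without a shell; return stdout.
    Requires GNU sed 4.3+ for --sandbox."""
    completed = subprocess.run(
        build_sed_argv(expression),
        input=text,
        capture_output=True,
        text=True,
        timeout=timeout,
        check=True,
    )
    return completed.stdout


if __name__ == "__main__":
    sample = "hello world\n"  # constructed sample input
    print(run_sed("s/world/sed/", sample), end="")
```

The important property is visible in build_sed_argv: an expression like "s/a/b/; p" stays a single argv element, so the ';' reaches sed as part of a sed script rather than a shell as a command separator. The validation layer is deliberately narrow; an allowlist of permitted sed commands, as the action above suggests, would be a further tightening on top of --sandbox.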


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Description OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
Title OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.
Weaknesses CWE-78
References
Metrics cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-06-25T00:25:22.606Z

Reserved: 2026-05-21T01:03:59.132Z

Link: CVE-2026-9155

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T02:00:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')