Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable config interface and low complexity, but requires an authenticated user with connection-config rights (PR:L); OS command execution yields full C/I/A impact.
Primary rating from Vendor (rapid7).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionNVD
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.
AnalysisAI
OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated InsightConnect account with the ability to create or modify a SQLmap Plugin connection (PR:L), and the malicious payload must be placed specifically in the api_host or api_port parameter during connection configuration; the deployment must be the Linux build of the plugin at a version below 2.0.1. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are internally consistent and point to a real but operationally bounded risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated InsightConnect user with permission to configure plugin connections creates or edits a SQLmap connection and embeds shell metacharacters (e.g. a command substitution) in the api_host or api_port field; when the plugin processes the connection, the injected command runs on the underlying Linux host with the plugin runtime's privileges. … |
| Remediation | Vendor-released patch: upgrade the InsightConnect SQLmap Plugin to version 2.0.1 or later, obtained from the Rapid7 extensions marketplace (https://extensions.rapid7.com/extension/sqlmap); since plugins execute in the orchestrator runtime, update the plugin version used by your jobs and re-validate workflows that reference it. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all InsightConnect deployments using SQLmap Plugin and identify authenticated user accounts with plugin configuration privileges. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39152
GHSA-frqr-h5vc-vr89