Skip to main content

InsightConnect SQLmap Plugin CVE-2026-8659

| EUVDEUVD-2026-39152 HIGH
OS Command Injection (CWE-78)
2026-06-25 rapid7 GHSA-frqr-h5vc-vr89
8.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (rapid7) PRIMARY
MEDIUM
qualitative
NVD
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable config interface and low complexity, but requires an authenticated user with connection-config rights (PR:L); OS command execution yields full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (rapid7).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jun 29, 2026 - 19:53 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 29, 2026 - 19:37 vuln.today
cvss_changed
Severity Changed
Jun 29, 2026 - 19:37 NVD
MEDIUM HIGH
CVSS changed
Jun 29, 2026 - 19:37 NVD
6.0 (MEDIUM) 8.8 (HIGH)
Patch available
Jun 25, 2026 - 02:01 EUVD
Analysis Generated
Jun 25, 2026 - 00:29 vuln.today
CVE Published
Jun 25, 2026 - 00:07 cve.org
MEDIUM 6.0

DescriptionNVD

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

AnalysisAI

OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to InsightConnect with connection-config rights
Delivery
Create or edit SQLmap plugin connection
Exploit
Inject shell metacharacters into api_host/api_port
Execution
Plugin passes input to OS command
Persist
Arbitrary commands execute on Linux host
Impact
Code execution in orchestrator runtime

Vulnerability AssessmentAI

Exploitation Requires an authenticated InsightConnect account with the ability to create or modify a SQLmap Plugin connection (PR:L), and the malicious payload must be placed specifically in the api_host or api_port parameter during connection configuration; the deployment must be the Linux build of the plugin at a version below 2.0.1. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are internally consistent and point to a real but operationally bounded risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated InsightConnect user with permission to configure plugin connections creates or edits a SQLmap connection and embeds shell metacharacters (e.g. a command substitution) in the api_host or api_port field; when the plugin processes the connection, the injected command runs on the underlying Linux host with the plugin runtime's privileges. …
Remediation Vendor-released patch: upgrade the InsightConnect SQLmap Plugin to version 2.0.1 or later, obtained from the Rapid7 extensions marketplace (https://extensions.rapid7.com/extension/sqlmap); since plugins execute in the orchestrator runtime, update the plugin version used by your jobs and re-validate workflows that reference it. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all InsightConnect deployments using SQLmap Plugin and identify authenticated user accounts with plugin configuration privileges. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-8659 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy