Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
PR:H confirmed by authenticated-attacker requirement; AC:H for crafted-input constraint; no confidentiality loss per description; I:L and A:L for file corruption only.
Primary rating from Vendor (rapid7).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
5DescriptionNVD
Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.
AnalysisAI
Path traversal in Rapid7 InsightConnect's Compression Plugin on Linux allows authenticated attackers with high privileges to write files to arbitrary paths on the underlying host via crafted archive filenames passed to the create_archive function. Impact is constrained to file corruption - the attacker can control write destination but not write content, preventing code execution via this vector alone. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) a valid InsightConnect account with high-level privileges sufficient to create or trigger automation workflows (PR:H per CVSS vector); (2) access to a workflow or direct API call that invokes the Compression Plugin's create_archive function with attacker-controlled filename input; (3) the target system running Linux (the vulnerability is explicitly scoped to Linux). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated InsightConnect operator with high-privilege workflow permissions constructs a workflow that calls the Compression Plugin's create_archive function with a crafted filename containing path traversal sequences (e.g., '../../etc/cron.d/job'). Upon archive creation, the plugin writes the archive entry to the traversed path on the Linux host filesystem, corrupting or replacing an existing file. … |
| Remediation | The primary remediation is to upgrade to a patched version of the Rapid7 InsightConnect Compression Plugin per the vendor advisory at https://extensions.rapid7.com/extension/compression. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39162
GHSA-x3f7-qmw7-g6pj