Skip to main content

InsightConnect Sed Plugin CVE-2026-9153

| EUVDEUVD-2026-39155 MEDIUM
Path Traversal (CWE-22)
2026-06-25 rapid7 GHSA-v6m6-hc9j-5r5w
6.5
CVSS 3.1 · Vendor: rapid7
Share

Severity by source

Vendor (rapid7) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable via InsightConnect interface (AV:N), low-privilege authentication required to invoke the plugin (PR:L), confidentiality-only impact reading arbitrary files with no write or availability effect (C:H/I:N/A:N).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (rapid7).

CVSS VectorVendor: rapid7

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
Jun 25, 2026 - 02:01 EUVD
Analysis Generated
Jun 25, 2026 - 00:59 vuln.today
CVE Published
Jun 25, 2026 - 00:33 cve.org
MEDIUM 6.5

DescriptionCVE.org

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

AnalysisAI

Arbitrary file read in Rapid7's InsightConnect Sed Plugin on Linux exposes sensitive host filesystem contents to authenticated attackers through an unsanitized expression parameter. All versions are affected per the CPE wildcard, and exploitation requires only a low-privilege authenticated InsightConnect session over the network with no user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege InsightConnect credentials
Delivery
Authenticate to InsightConnect platform over network
Exploit
Access Sed Plugin workflow action
Execution
Inject path traversal sequence into expression parameter
Persist
Plugin reads targeted Linux filesystem file
Impact
Exfiltrate sensitive file contents from workflow output

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid, authenticated InsightConnect session with at least low-privilege access to invoke the Sed Plugin, consistent with the CVSS PR:L metric. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 6.5 (Medium) accurately characterizes the threat envelope: network-accessible (AV:N), low complexity (AC:L), low-privilege authentication required (PR:L), no user interaction (UI:N), no scope change (S:U), and high confidentiality impact (C:H) with no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated InsightConnect user with Sed Plugin access constructs a workflow action passing a crafted expression parameter containing a path traversal sequence targeting a sensitive Linux file (e.g., a value resolving to /etc/shadow or a private key under /root/.ssh/). The plugin passes the unsanitized value to the underlying file-reading operation, which returns the file contents within the workflow execution result. …
Remediation Consult the Rapid7 vendor advisory at https://extensions.rapid7.com/extension/sed for the patched plugin version and upgrade instructions - no exact fixed version number was independently confirmed from the available data, so the advisory is the authoritative source. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9153 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy