Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-reachable via InsightConnect interface (AV:N), low-privilege authentication required to invoke the plugin (PR:L), confidentiality-only impact reading arbitrary files with no write or availability effect (C:H/I:N/A:N).
Primary rating from Vendor (rapid7).
CVSS VectorVendor: rapid7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.
AnalysisAI
Arbitrary file read in Rapid7's InsightConnect Sed Plugin on Linux exposes sensitive host filesystem contents to authenticated attackers through an unsanitized expression parameter. All versions are affected per the CPE wildcard, and exploitation requires only a low-privilege authenticated InsightConnect session over the network with no user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid, authenticated InsightConnect session with at least low-privilege access to invoke the Sed Plugin, consistent with the CVSS PR:L metric. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score of 6.5 (Medium) accurately characterizes the threat envelope: network-accessible (AV:N), low complexity (AC:L), low-privilege authentication required (PR:L), no user interaction (UI:N), no scope change (S:U), and high confidentiality impact (C:H) with no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated InsightConnect user with Sed Plugin access constructs a workflow action passing a crafted expression parameter containing a path traversal sequence targeting a sensitive Linux file (e.g., a value resolving to /etc/shadow or a private key under /root/.ssh/). The plugin passes the unsanitized value to the underlying file-reading operation, which returns the file contents within the workflow execution result. … |
| Remediation | Consult the Rapid7 vendor advisory at https://extensions.rapid7.com/extension/sed for the patched plugin version and upgrade instructions - no exact fixed version number was independently confirmed from the available data, so the advisory is the authoritative source. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Insightconnect Sed Plugin
View allOS command injection in the Rapid7 InsightConnect Sed Plugin on Linux lets an authenticated operator inject arbitrary sh
Arbitrary file write in the Rapid7 InsightConnect Sed Plugin on Linux lets an authenticated attacker supply a crafted ex
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39155
GHSA-v6m6-hc9j-5r5w