Skip to main content

InsightConnect Sed Plugin CVE-2026-9154

| EUVDEUVD-2026-39154 MEDIUM
Path Traversal (CWE-22)
2026-06-25 rapid7 GHSA-9723-5cpr-v9rm
6.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (rapid7) PRIMARY
HIGH
qualitative
NVD
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
vuln.today AI
7.1 HIGH

Authenticated plugin user (PR:L) sends a crafted expression over the network (AV:N/AC:L); arbitrary write gives high integrity and low availability impact with no disclosure (C:N).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (rapid7).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

5
Severity Changed
Jun 27, 2026 - 19:37 NVD
HIGH MEDIUM
CVSS changed
Jun 27, 2026 - 19:37 NVD
7.1 (HIGH) 6.5 (MEDIUM)
Patch available
Jun 25, 2026 - 02:01 EUVD
Analysis Generated
Jun 25, 2026 - 00:58 vuln.today
CVE Published
Jun 25, 2026 - 00:29 cve.org
HIGH 7.1

DescriptionNVD

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.

AnalysisAI

Arbitrary file write in the Rapid7 InsightConnect Sed Plugin on Linux lets an authenticated attacker supply a crafted expression parameter to write attacker-controlled content to any filesystem path the plugin process can reach. The flaw (CWE-22 path traversal) carries a CVSS 7.1 with high integrity impact and there is no public exploit identified at time of analysis, but it is dangerous because arbitrary writes can be leveraged toward code execution or configuration tampering within the SOAR plugin runtime.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to InsightConnect (PR:L)
Delivery
Invoke Sed plugin action
Exploit
Supply traversal expression parameter
Execution
Write content to arbitrary path
Impact
Achieve code execution or config tampering

Vulnerability AssessmentAI

Exploitation Exploitation requires authenticated, low-privileged access to the Rapid7 InsightConnect platform (CVSS PR:L) and the ability to invoke the Sed plugin and control its 'expression' parameter - that parameter is the exact injection point used to specify the traversal/output path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) describes a network-reachable, low-complexity attack requiring low privileges and no user interaction, with high integrity impact, low availability impact, and no confidentiality impact - consistent with an arbitrary file write rather than direct data disclosure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privileged authenticated access to the InsightConnect platform configures or triggers a Sed plugin action and supplies an expression parameter containing path-traversal sequences pointing outside the intended output directory. Because attack complexity is low and no user interaction is required, the plugin writes attacker-controlled content to a sensitive location (for example a script, cron, or configuration file), which can then be leveraged toward code execution. …
Remediation Update the InsightConnect Sed Plugin to the latest version published on the Rapid7 extension marketplace (https://extensions.rapid7.com/extension/sed) and review the vendor advisory there for the specific patched plugin build; a precise fixed version is not stated in the available data, so confirm the corrected release directly with Rapid7. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all InsightConnect deployments running the Sed Plugin; audit and document which users have access to the plugin. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9154 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy