Skip to main content

Insightconnect Awk Plugin

1 CVEs product

Monthly

CVE-2026-8592 CRITICAL PATCH Act Now

Remote OS command injection in Rapid7's InsightConnect AWK Plugin (versions below 1.2.2 on Linux) lets attackers run arbitrary operating-system commands through the process_string action's text or expression parameters, which are unsafely concatenated into a shell command. The CVSS 9.8 rating reflects full confidentiality, integrity, and availability loss with no privileges or user interaction required by the vector. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA SSVC marks exploitation as none, so risk today is potential rather than observed.

Command Injection Insightconnect Awk Plugin
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote OS command injection in Rapid7's InsightConnect AWK Plugin (versions below 1.2.2 on Linux) lets attackers run arbitrary operating-system commands through the process_string action's text or expression parameters, which are unsafely concatenated into a shell command. The CVSS 9.8 rating reflects full confidentiality, integrity, and availability loss with no privileges or user interaction required by the vector. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA SSVC marks exploitation as none, so risk today is potential rather than observed.

Command Injection Insightconnect Awk Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy