Skip to main content

Insightconnect Finger Plugin

1 CVEs product

Monthly

CVE-2026-8664 HIGH PATCH This Week

OS command injection in Rapid7's InsightConnect Finger Plugin (versions prior to 1.0.3) on Linux lets an authenticated attacker run arbitrary operating-system commands by injecting shell metacharacters into the user or host parameters, which are passed unsanitized into a constructed shell command (CWE-78). Because the plugin executes within the InsightConnect SOAR orchestrator, successful exploitation yields full read/write and availability impact on the host running the plugin. No public exploit is identified at time of analysis, and EPSS estimates only a 0.73% 30-day exploitation probability.

Command Injection Insightconnect Finger Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

OS command injection in Rapid7's InsightConnect Finger Plugin (versions prior to 1.0.3) on Linux lets an authenticated attacker run arbitrary operating-system commands by injecting shell metacharacters into the user or host parameters, which are passed unsanitized into a constructed shell command (CWE-78). Because the plugin executes within the InsightConnect SOAR orchestrator, successful exploitation yields full read/write and availability impact on the host running the plugin. No public exploit is identified at time of analysis, and EPSS estimates only a 0.73% 30-day exploitation probability.

Command Injection Insightconnect Finger Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy