Skip to main content

Insightconnect Markdown Plugin

1 CVEs product

Monthly

CVE-2026-8661 MEDIUM PATCH This Month

Server-side JavaScript execution and outbound HTTP request capabilities in Rapid7 InsightConnect Markdown Plugin versions 3.1.4 and earlier allow remote attackers to execute arbitrary scripts and make unauthorized HTTP requests through malicious content embedded in Markdown input to the markdown_to_pdf action. The PDF rendering engine lacks sufficient restrictions on script execution and network access. Patched version 4.0.0 is available from the vendor.

XSS SSRF Insightconnect Markdown Plugin
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Server-side JavaScript execution and outbound HTTP request capabilities in Rapid7 InsightConnect Markdown Plugin versions 3.1.4 and earlier allow remote attackers to execute arbitrary scripts and make unauthorized HTTP requests through malicious content embedded in Markdown input to the markdown_to_pdf action. The PDF rendering engine lacks sufficient restrictions on script execution and network access. Patched version 4.0.0 is available from the vendor.

XSS SSRF Insightconnect Markdown Plugin
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy