Skip to main content

Insightconnect Ping Plugin

1 CVEs product

Monthly

CVE-2026-8660 CRITICAL PATCH Act Now

OS command injection in Rapid7's InsightConnect Ping Plugin (versions before 1.0.4) on Linux lets attackers run arbitrary operating-system commands by injecting shell metacharacters into the host parameter of the plugin's ping action, which is concatenated into a shell command without proper sanitization. Any actor able to influence the host input flowing into this SOAR plugin gains full code execution on the plugin's runtime host. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA's SSVC marks exploitation as 'none' and the flaw as not automatable, so risk is real but not yet observed in the wild.

Command Injection Insightconnect Ping Plugin
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

OS command injection in Rapid7's InsightConnect Ping Plugin (versions before 1.0.4) on Linux lets attackers run arbitrary operating-system commands by injecting shell metacharacters into the host parameter of the plugin's ping action, which is concatenated into a shell command without proper sanitization. Any actor able to influence the host input flowing into this SOAR plugin gains full code execution on the plugin's runtime host. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA's SSVC marks exploitation as 'none' and the flaw as not automatable, so risk is real but not yet observed in the wild.

Command Injection Insightconnect Ping Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy