Skip to main content

Insightconnect Rpm Plugin

1 CVEs product

Monthly

CVE-2026-8663 HIGH PATCH This Week

OS command injection in the Rapid7 InsightConnect RPM Plugin on Linux lets authenticated users run arbitrary operating-system commands by injecting shell metacharacters into the repo, key, or name parameters, which are concatenated into a shell command without sanitization (CWE-78). All versions before 1.0.2 are affected. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.73%, 50th percentile).

Command Injection Insightconnect Rpm Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

OS command injection in the Rapid7 InsightConnect RPM Plugin on Linux lets authenticated users run arbitrary operating-system commands by injecting shell metacharacters into the repo, key, or name parameters, which are concatenated into a shell command without sanitization (CWE-78). All versions before 1.0.2 are affected. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.73%, 50th percentile).

Command Injection Insightconnect Rpm Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy