Skip to main content

Insightconnect Sqlmap Plugin

1 CVEs product

Monthly

CVE-2026-8659 HIGH PATCH This Week

OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). No public exploit identified at time of analysis, and SSVC records exploitation status as none; EPSS is modest at 0.73% (50th percentile).

Command Injection Insightconnect Sqlmap Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

OS command injection in Rapid7's InsightConnect SQLmap Plugin (versions before 2.0.1) on Linux lets an authenticated InsightConnect user inject arbitrary operating-system commands through the api_host or api_port fields supplied while configuring the plugin's connection. Because the plugin runs inside the InsightConnect orchestration runtime, a successful injection yields code execution in that automation context (CVSS 8.8, CWE-78). No public exploit identified at time of analysis, and SSVC records exploitation status as none; EPSS is modest at 0.73% (50th percentile).

Command Injection Insightconnect Sqlmap Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy