Skip to main content

Insightconnect Tr Plugin

1 CVEs product

Monthly

CVE-2026-8665 CRITICAL PATCH Act Now

OS command injection in Rapid7's InsightConnect Translate (TR) Plugin on Linux lets remote attackers run arbitrary shell commands by injecting into the 'text' or 'expression' parameters of the TR action, which are concatenated into a shell command without sanitization (CWE-78). All plugin versions before 2.0.3 are affected. There is no public exploit identified at time of analysis and EPSS is low (0.55%), but the flaw yields full system compromise per the vendor's own SSVC 'total' technical-impact rating.

Command Injection Insightconnect Tr Plugin
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

OS command injection in Rapid7's InsightConnect Translate (TR) Plugin on Linux lets remote attackers run arbitrary shell commands by injecting into the 'text' or 'expression' parameters of the TR action, which are concatenated into a shell command without sanitization (CWE-78). All plugin versions before 2.0.3 are affected. There is no public exploit identified at time of analysis and EPSS is low (0.55%), but the flaw yields full system compromise per the vendor's own SSVC 'total' technical-impact rating.

Command Injection Insightconnect Tr Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy