Rapid7 CVEs & Vulnerabilities

9 CVEs affecting Rapid7 products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

insightconnect compression 1insightconnect rpm 1insightconnect traceroute 1insightconnect ping 1insightconnect awk 1insightconnect translate 1insightconnect tcpdump 1insightconnect finger 1
CVE-2026-8662MEDIUM

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

25 Jun 2026
4.3
CVSS
CVE-2026-8658HIGH

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.

25 Jun 2026
8.8
CVSS
CVE-2026-8666CRITICAL

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.

25 Jun 2026
9.8
CVSS
CVE-2026-8665CRITICAL

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

25 Jun 2026
9.8
CVSS
CVE-2026-8664HIGH

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

25 Jun 2026
8.8
CVSS
CVE-2026-8660CRITICAL

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.

25 Jun 2026
9.8
CVSS
CVE-2026-8592CRITICAL

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

25 Jun 2026
9.8
CVSS
CVE-2026-8663HIGH

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction.

25 Jun 2026
8.8
CVSS
CVE-2026-8659HIGH

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

25 Jun 2026
8.8
CVSS
← PrevPage 1 / 1Next →