CVE-2026-8662
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
A Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.
Risk Assessment
The risk involves potential overwriting or corruption of critical system or configuration files, which could lead to service disruption or data integrity loss.
Recommendation
It is recommended to immediately update the Compression InsightConnect plugin to the latest patched version and implement server-side file path validation.
Original NVD description (English source)
Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

