CVE Catalog

CVE-2026-8662

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

A Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

Risk Assessment

The risk involves potential overwriting or corruption of critical system or configuration files, which could lead to service disruption or data integrity loss.

Recommendation

It is recommended to immediately update the Compression InsightConnect plugin to the latest patched version and implement server-side file path validation.

Original NVD description (English source)

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS