CVE-2026-8663
MediumCVSS 6.0Exploitation Probability (EPSS)
Low risk50th percentile — higher than 50% of all known CVEs
Summary
The RPM plugin for Rapid7 InsightConnect on Linux contains an OS command injection vulnerability. An authenticated attacker can execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization.
Risk Assessment
The organization is at risk of a Linux system takeover by an authenticated attacker, potentially leading to data theft, malware installation, or complete system compromise.
Recommendation
Immediately update the RPM plugin to the latest version provided by the vendor and implement input validation and sanitization for the repo, key, and name parameters.
Original NVD description (English source)
OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction.

