CVE Catalog

CVE-2026-8664

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile — higher than 50% of all known CVEs

Summary

The Finger plugin for Rapid7 InsightConnect on Linux contains an OS Command Injection vulnerability. An authenticated attacker can execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

Risk Assessment

The risk for the organization includes potential system compromise by an authenticated attacker, leading to data theft, configuration changes, or lateral movement within the network.

Recommendation

Immediately update the Finger plugin to the latest version provided by the vendor and implement input validation mechanisms for the user and host parameters.

Original NVD description (English source)

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS