CVE-2026-8665
HighCVSS 7.7Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.
Risk Assessment
The organization is at risk of full system compromise on the affected Linux host, potentially leading to data theft, malware installation, or service disruption.
Recommendation
Immediately update the Translate Plugin to a patched version and implement input validation and process privilege restrictions.
Original NVD description (English source)
OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

