OS Command Injection Vulnerability in Rapid7 InsightConnect Tcpdump Plugin
CVE-2026-8658
6MEDIUM
What is CVE-2026-8658?
An OS Command Injection vulnerability exists in the Rapid7 InsightConnect Tcpdump Plugin for Linux, allowing authenticated attackers to execute arbitrary operating system commands. This can be exploited through the options or filter parameters, highlighting the need for better input sanitization during shell command construction. Users are advised to review their security measures and update to the latest version to mitigate this risk.
Affected Version(s)
InsightConnect Tcpdump Plugin Linux 0 < 2.0.0
InsightConnect Tcpdump Plugin Linux 2.0.0
