OS Command Injection Vulnerability in Rapid7 InsightConnect Tcpdump Plugin
CVE-2026-8658

6MEDIUM

Key Information:

Vendor

Rapid7

Vendor
CVE Published:
25 June 2026

What is CVE-2026-8658?

An OS Command Injection vulnerability exists in the Rapid7 InsightConnect Tcpdump Plugin for Linux, allowing authenticated attackers to execute arbitrary operating system commands. This can be exploited through the options or filter parameters, highlighting the need for better input sanitization during shell command construction. Users are advised to review their security measures and update to the latest version to mitigate this risk.

Affected Version(s)

InsightConnect Tcpdump Plugin Linux 0 < 2.0.0

InsightConnect Tcpdump Plugin Linux 2.0.0

References

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jacob Steadman, Rapid7
Jed Starr, Rapid7
.