OS Command Injection Vulnerability in Rapid7 InsightConnect SQLmap Plugin
CVE-2026-8659

6 MEDIUM

Key Information:

Vendor: Rapid7
CVE Published: 25 June 2026

What is CVE-2026-8659?

The InsightConnect SQLmap Plugin developed by Rapid7 is susceptible to an OS Command Injection vulnerability on Linux systems. The flaw arises from inadequate input validation, which allows authenticated attackers to manipulate the api_host or api_port parameters during connection configuration. Exploiting this vulnerability could result in the execution of arbitrary OS commands, compromising the security of affected systems.
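
An added example, not code from Rapid7 or from the plugin: one way to validate api_host and api_port before they reach a process launch, so that neither value can carry shell syntax or an extra option. The launcher path, the function names and the assumption that the values are passed to sqlmapapi.py as -H and -p arguments are hypothetical.

```python
import ipaddress
import re

# Hypothetical launcher path; not taken from the plugin.
SQLMAP_API = "/opt/sqlmap/sqlmapapi.py"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_host(value):
    """Accept only an IP literal or an RFC 1123 style hostname."""
    if not isinstance(value, str) or not 0 < len(value) <= 253:
        raise ValueError("api_host must be a non-empty string")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    if all(_LABEL.fullmatch(label) for label in value.split(".")):
        return value
    raise ValueError("api_host is not a valid IP address or hostname")


def validate_port(value):
    """Accept only a decimal integer in the range 1..65535."""
    text = str(value)
    if not (text.isascii() and text.isdigit() and len(text) <= 5):
        raise ValueError("api_port must be 1 to 5 decimal digits")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError("api_port out of range")
    return port


def build_argv(api_host, api_port):
    """Return an argv list intended for subprocess.run(argv, shell=False).

    Each value is validated and passed as its own list element, so it is
    never interpolated into a string that a shell would parse.
    """
    return ["python3", SQLMAP_API, "-s",
            "-H", validate_host(api_host),
            "-p", str(validate_port(api_port))]
```
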

Affected Version(s)

InsightConnect SQLmap Plugin Linux 0 < 2.0.1

InsightConnect SQLmap Plugin Linux 2.0.1

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jacob Steadman, Rapid7
Jed Starr, Rapid7