OS Command Injection Vulnerability in Rapid7 InsightConnect SQLmap Plugin
CVE-2026-8659
6 MEDIUM
What is CVE-2026-8659?
The InsightConnect SQLmap Plugin developed by Rapid7 is susceptible to an OS Command Injection vulnerability on Linux systems. The flaw arises from inadequate input validation, which allows authenticated attackers to manipulate the api_host or api_port parameters during connection configuration. Exploitation of this vulnerability could result in the execution of arbitrary OS commands, compromising the security of affected systems.
Affected Version(s)
InsightConnect SQLmap Plugin Linux 0 < 2.0.1
InsightConnect SQLmap Plugin Linux 2.0.1
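The description attributes the flaw to inadequate validation of api_host and api_port. The sketch below is an added example, not Rapid7's code or its fix: it allowlists both values and builds an argument list that is never handed to a shell. The names validate_api_host, validate_api_port, build_api_argv and accepts, and the "api-server" command with its flags, are hypothetical; the sample inputs are constructed.

```python
import ipaddress
import re

# One RFC 1123 hostname label: letters, digits, inner hyphens only.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def validate_api_host(value):
    """Return a canonical host string, or raise ValueError."""
    # '%' is refused up front: ipaddress (Python 3.9+) accepts IPv6 zone IDs
    # such as "fe80::1%eth0" and the zone text is not limited to hostname characters.
    if not isinstance(value, str) or not 0 < len(value) <= 253 or "%" in value:
        raise ValueError("api_host rejected")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal; fall through to the hostname check
    # fullmatch() also refuses a trailing newline; the leading-hyphen rule
    # stops the value from being read as a command-line option.
    if all(_LABEL.fullmatch(label) for label in value.split(".")):
        return value.lower()
    raise ValueError("api_host rejected")

def validate_api_port(value):
    """Return the port as an int in 1..65535, or raise ValueError."""
    text = str(value)
    if not (text.isascii() and text.isdigit() and len(text) <= 5):
        raise ValueError("api_port rejected")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError("api_port rejected")
    return port

def build_api_argv(api_host, api_port):
    """Build an argument vector for subprocess.run(argv) with shell=False."""
    host, port = validate_api_host(api_host), validate_api_port(api_port)
    # "api-server" and its flags are hypothetical placeholders.
    return ["api-server", "--host", host, "--port", str(port)]

def accepts(api_host, api_port):
    """True if both connection values pass validation."""
    try:
        return bool(build_api_argv(api_host, api_port))
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for host, port in [("127.0.0.1", 8775), ("127.0.0.1; echo x", 8775),
                       ("localhost", "8775 && echo x"), ("fe80::1%;x", 8775)]:
        print(repr(host), repr(port), "->", accepts(host, port))
```

Validation and the list-form call are complementary: the allowlist keeps option-like or malformed values out of the command, and avoiding the shell means any character that slips through is still treated as data.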
