OS Command Injection in Rapid7 InsightConnect Ping Plugin for Linux
CVE-2026-8660
7.7HIGH
What is CVE-2026-8660?
This vulnerability exists in the Rapid7 InsightConnect Ping Plugin on Linux, where insufficient input validation allows remote attackers to execute arbitrary operating system commands. The issue arises when the plugin processes input from the host parameter, leading to the potential for malicious command injection via crafted input, posing significant risks to the affected systems.
Affected Version(s)
InsightConnect Ping Plugin Linux 0 < 1.0.4
InsightConnect Ping Plugin Linux 1.0.4
