OS Command Injection in Rapid7 InsightConnect Ping Plugin for Linux
CVE-2026-8660

7.7HIGH

Key Information:

Vendor

Rapid7

Vendor
CVE Published:
25 June 2026

What is CVE-2026-8660?

This vulnerability exists in the Rapid7 InsightConnect Ping Plugin on Linux, where insufficient input validation allows remote attackers to execute arbitrary operating system commands. The issue arises when the plugin processes input from the host parameter, leading to the potential for malicious command injection via crafted input, posing significant risks to the affected systems.

Affected Version(s)

InsightConnect Ping Plugin Linux 0 < 1.0.4

InsightConnect Ping Plugin Linux 1.0.4

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jacob Steadman, Rapid7
Jed Starr, Rapid7
.