Path Traversal Vulnerability in Rapid7 InsightConnect Compression Plugin
CVE-2026-8662

3.3LOW

Key Information:

Vendor

Rapid7

Vendor
CVE Published:
25 June 2026

What is CVE-2026-8662?

A Path Traversal vulnerability exists in the create_archive function of the Rapid7 InsightConnect Compression Plugin on Linux. This flaw allows authenticated attackers to manipulate filename input, potentially leading to the writing of files to unintended file paths. While the vulnerability enables file corruption, it does not allow attackers to control the content of those files.

Affected Version(s)

InsightConnect Compression Plugin Linux 0 < 2.0.3

InsightConnect Compression Plugin Linux 2.0.3

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jacob Steadman, Rapid7
Jed Starr, Rapid7
.