OS Command Injection Vulnerability in Rapid7 InsightConnect RPM Plugin for Linux
CVE-2026-8663
6 MEDIUM
What is CVE-2026-8663?
An OS Command Injection vulnerability exists in the Rapid7 InsightConnect RPM Plugin for Linux, allowing authenticated attackers to execute arbitrary OS commands. The flaw stems from inadequate input sanitization when the plugin constructs shell commands from the repo, key, or name parameters, and it can compromise the integrity of the affected system.
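The flaw class described above, shown as an added Python example (not Rapid7's plugin code): a parameter pasted into a shell string beside a hardened form that validates each field and builds argv lists. Only the repo, key and name parameter names come from the advisory; the function names, the commands chosen and the validation rules are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list for package names; the first character rule also
# blocks option injection through a leading "-".
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,127}")


def unsafe_command(name: str) -> str:
    """Vulnerable pattern: the value is pasted into a string a shell will parse."""
    return f"yum -y install {name}"


def check_url(value: str, field: str) -> str:
    """Accept only https URLs with a host and no whitespace or control bytes."""
    if any(c.isspace() or ord(c) < 0x20 for c in value):
        raise ValueError(f"{field}: whitespace or control character")
    parts = urlsplit(value)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{field}: expected an https URL")
    return value


def safe_commands(repo: str, key: str, name: str) -> list[list[str]]:
    """Hardened pattern: validate every field and return argv lists.

    Run each list with subprocess.run(argv, check=True) and never with
    shell=True, so no shell ever interprets the values.
    """
    if not NAME_RE.fullmatch(name):
        raise ValueError("name: not a valid package name")
    return [
        ["yum-config-manager", "--add-repo", check_url(repo, "repo")],
        ["rpm", "--import", check_url(key, "key")],
        ["yum", "-y", "install", name],
    ]


if __name__ == "__main__":
    constructed = "example-pkg; echo INJECTED"  # constructed sample input
    print("shell string :", unsafe_command(constructed))
    try:
        safe_commands("https://repo.example/el9.repo",
                      "https://repo.example/RPM-GPG-KEY", constructed)
    except ValueError as exc:
        print("rejected     :", exc)
```

Passing argv lists removes shell parsing entirely; the allow-list is still needed because a value beginning with "-" would otherwise be read as an option by the called program.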
Affected Version(s)
InsightConnect RPM Plugin Linux 0 < 1.0.2
InsightConnect RPM Plugin Linux 1.0.2
