OS Command Injection Vulnerability in Rapid7 InsightConnect RPM Plugin for Linux
CVE-2026-8663

6 MEDIUM

Key Information:

Vendor: Rapid7
CVE Published: 24 June 2026

What is CVE-2026-8663?

An OS Command Injection vulnerability exists in the Rapid7 InsightConnect RPM Plugin for Linux, allowing authenticated attackers to execute arbitrary OS commands. This security flaw stems from inadequate input sanitization when constructing shell commands using the repo, key, or name parameters, which could potentially compromise the system's integrity.

Affected Version(s)

InsightConnect RPM Plugin Linux 0 < 1.0.2

InsightConnect RPM Plugin Linux 1.0.2

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jacob Steadman, Rapid7
Jed Starr, Rapid7