OS Command Injection in Rapid7 InsightConnect Finger Plugin for Linux
CVE-2026-8664
6 MEDIUM
What is CVE-2026-8664?
An OS Command Injection vulnerability exists in the Rapid7 InsightConnect Finger Plugin on Linux. Authenticated attackers can exploit this weakness to execute arbitrary operating system commands by manipulating the user or host parameters. The flaw arises due to inadequate input validation during the construction of shell commands, leading to possible unauthorized control over the system.
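The unsafe construction pattern described above, next to a hardened alternative. This is an added example and not the plugin's code: the function names, the allow-list patterns and the `finger user@host` invocation form are assumptions for illustration.

```python
import re
import subprocess

# Assumed allow-lists for this sketch; the plugin's real rules are not on the page.
# The first character may not be "-", so a value can never be read as an option.
USER_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(LABEL + r"(?:\." + LABEL + r")*")


def weak_command(user: str, host: str) -> str:
    """Weak pattern: untrusted text pasted into a single shell string.

    Handing this string to subprocess.run(..., shell=True) lets the shell
    interpret any metacharacters in user or host. Built here for contrast
    only; it is never executed.
    """
    return f"finger {user}@{host}"


def build_finger_argv(user: str, host: str) -> list[str]:
    """Validate both parameters and return an argv list for use without a shell."""
    # fullmatch (not match with "$") so a trailing newline is rejected too.
    if not USER_RE.fullmatch(user):
        raise ValueError("invalid user")
    if len(host) > 253 or not HOST_RE.fullmatch(host):
        raise ValueError("invalid host")
    return ["finger", f"{user}@{host}"]


def run_finger(user: str, host: str, timeout: int = 10) -> str:
    """Hardened call: validated values passed as one argv element, no shell."""
    argv = build_finger_argv(user, host)
    # shell=False is the default: argv goes to the program as-is, unparsed.
    result = subprocess.run(argv, capture_output=True, text=True,
                            timeout=timeout, check=False)
    return result.stdout
```

Validation and the argv list are independent layers: the allow-list rejects unexpected characters, and the absence of a shell means nothing would interpret them even if one slipped through.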
Affected Version(s)
InsightConnect Finger Plugin Linux 0 < 1.0.3
InsightConnect Finger Plugin Linux 1.0.3
