OS Command Injection Vulnerability in Rapid7 InsightConnect Traceroute Plugin for Linux
CVE-2026-8666

7.7 HIGH

Key Information:

Vendor

Rapid7

CVE Published:
25 June 2026

What is CVE-2026-8666?

The Rapid7 InsightConnect Traceroute Plugin for Linux is susceptible to an OS command injection vulnerability. This issue arises from inadequate input validation when handling parameters such as host, port, max_ttl, count, or time_out during traceroute actions. As a result, an attacker could exploit this vulnerability to execute arbitrary operating system commands on the target system, potentially compromising its security and integrity.
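One way to close this class of bug, as an added example that is not Rapid7's code or the plugin's actual fix: validate each of the five parameters named above against a strict allowlist, then pass them to traceroute as an argument list so that no shell parses them. The function names, the numeric bounds and the mapping of the parameters to the `-p`, `-m`, `-q` and `-w` options of Linux traceroute are assumptions.

```python
import ipaddress
import re

# Assumed bounds for illustration; the page does not give the plugin's limits.
INT_LIMITS = {"port": (1, 65535), "max_ttl": (1, 255),
              "count": (1, 10), "time_out": (1, 60)}
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(?:\.{LABEL})*")


def validate_host(host):
    """Return host only if it is an IP literal or an RFC 1123 hostname."""
    # Character allowlist first: no whitespace, quotes or shell metacharacters.
    if not isinstance(host, str) or not re.fullmatch(r"[A-Za-z0-9.:-]+", host):
        raise ValueError("host contains characters outside the allowlist")
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    # Labels must start with a letter or digit, so "-x" cannot pose as an option.
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("host is not a valid hostname or IP address")
    return host


def validate_int(name, value):
    """Return value as an int if it is a plain decimal number in range."""
    if isinstance(value, str):
        if not re.fullmatch(r"[0-9]{1,5}", value):
            raise ValueError(f"{name} must be a decimal integer")
        value = int(value)
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{name} must be an integer")
    low, high = INT_LIMITS[name]
    if not low <= value <= high:
        raise ValueError(f"{name} must be between {low} and {high}")
    return value


def build_traceroute_argv(host, port=33434, max_ttl=30, count=3, time_out=5):
    """Build an argv list for subprocess.run(argv), which uses no shell."""
    return ["traceroute",
            "-p", str(validate_int("port", port)),
            "-m", str(validate_int("max_ttl", max_ttl)),
            "-q", str(validate_int("count", count)),
            "-w", str(validate_int("time_out", time_out)),
            validate_host(host)]
```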

Affected Version(s)

InsightConnect Traceroute Plugin Linux 0 < 1.0.3

InsightConnect Traceroute Plugin Linux 1.0.3

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Jacob Steadman, Rapid7
Jed Starr, Rapid7