OS Command Injection Vulnerability in Rapid7 InsightConnect Traceroute Plugin for Linux
CVE-2026-8666
7.7 HIGH
What is CVE-2026-8666?
The Rapid7 InsightConnect Traceroute Plugin for Linux is susceptible to an OS command injection vulnerability. This issue arises from inadequate input validation when handling parameters such as host, port, max_ttl, count, or time_out during traceroute actions. As a result, an attacker could exploit this vulnerability to execute arbitrary operating system commands on the target system, potentially compromising its security and integrity.
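An added example, not Rapid7's code or the plugin's actual fix: one way to validate the five parameters named above and hand them to traceroute as an argument list instead of a shell string. The function names, the numeric ranges, and the mapping of count to -q and time_out to -w are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess

# One DNS label: alphanumeric at both ends, hyphens inside, at most 63 chars.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
_HOST_CHARS = re.compile(r"[A-Za-z0-9.:-]{1,253}")


def check_host(host):
    """Return host if it is an IP literal or DNS name, else raise ValueError."""
    if not isinstance(host, str) or not _HOST_CHARS.fullmatch(host):
        raise ValueError("host contains characters outside [A-Za-z0-9.:-]")
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    # Labels must start with an alphanumeric, so the value can never be
    # mistaken for an option such as "-h".
    if not _HOSTNAME.fullmatch(host):
        raise ValueError("host is neither an IP address nor a DNS name")
    return host


def check_int(name, value, low, high):
    """Accept an int or a plain decimal string within [low, high]."""
    if isinstance(value, bool) or not re.fullmatch(r"[0-9]{1,5}", str(value)):
        raise ValueError(f"{name} must be a decimal integer")
    number = int(value)
    if not low <= number <= high:
        raise ValueError(f"{name} must be between {low} and {high}")
    return number


def build_argv(host, port=None, max_ttl=30, count=3, time_out=5):
    """Build the traceroute argument vector from validated values only."""
    argv = ["traceroute",
            "-m", str(check_int("max_ttl", max_ttl, 1, 255)),
            "-q", str(check_int("count", count, 1, 10)),     # assumed mapping
            "-w", str(check_int("time_out", time_out, 1, 60))]  # assumed mapping
    if port is not None:
        argv += ["-p", str(check_int("port", port, 1, 65535))]
    return argv + [check_host(host)]


def run_traceroute(**params):
    """Run without a shell: each argv element reaches traceroute verbatim."""
    return subprocess.run(build_argv(**params), shell=False, timeout=120,
                          capture_output=True, text=True, check=False)
```

Validation and the shell-free call are independent layers: the allowlists reject malformed input before anything runs, and the argument list means a value that did slip through would still not be interpreted by a shell.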
Affected Version(s)
InsightConnect Traceroute Plugin Linux 0 < 1.0.3
InsightConnect Traceroute Plugin Linux 1.0.3
