Arbitrary File Read Vulnerability in Rapid7 InsightConnect Sed Plugin
CVE-2026-9153

6.5MEDIUM

Key Information:

Vendor

Rapid7

Vendor
CVE Published:
25 June 2026

What is CVE-2026-9153?

The Rapid7 InsightConnect Sed Plugin on Linux contains an Arbitrary File Read vulnerability that allows authenticated attackers to access sensitive files. This security issue arises from inadequate input validation associated with the expression parameter, posing a risk of unauthorized data exposure.

Affected Version(s)

InsightConnect Sed Plugin Linux 0 < 2.0.5

InsightConnect Sed Plugin Linux 2.0.5

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sebastián Alba Vives (@Sebasteuo / 0xs4bbi), Independent security researcher, Costa Rica
.