Arbitrary File Write Vulnerability in Rapid7 InsightConnect Sed Plugin for Linux
CVE-2026-9154
7.1HIGH
What is CVE-2026-9154?
The InsightConnect Sed Plugin by Rapid7 for Linux contains a vulnerability that permits authenticated users to manipulate the file system by writing arbitrary content to specified file paths through the expression parameter. This flaw can potentially allow attackers to gain control over sensitive files, leading to further exploitation of the system and unauthorized access to critical information.
Affected Version(s)
InsightConnect Sed Plugin Linux 0 < 2.0.5
InsightConnect Sed Plugin Linux 2.0.5
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sebastián Alba Vives (@Sebasteuo / 0xs4bbi), Independent security researcher, Costa Rica
