Arbitrary File Write Vulnerability in Rapid7 InsightConnect Sed Plugin for Linux
CVE-2026-9154

7.1HIGH

Key Information:

Vendor

Rapid7

Vendor
CVE Published:
25 June 2026

What is CVE-2026-9154?

The InsightConnect Sed Plugin by Rapid7 for Linux contains a vulnerability that permits authenticated users to manipulate the file system by writing arbitrary content to specified file paths through the expression parameter. This flaw can potentially allow attackers to gain control over sensitive files, leading to further exploitation of the system and unauthorized access to critical information.

Affected Version(s)

InsightConnect Sed Plugin Linux 0 < 2.0.5

InsightConnect Sed Plugin Linux 2.0.5

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sebastián Alba Vives (@Sebasteuo / 0xs4bbi), Independent security researcher, Costa Rica
.