CVE Catalog

CVE-2026-8592

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile — higher than 42% of all known CVEs

Summary

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

Risk Assessment

The organization is at risk of remote system compromise on Linux, potentially leading to data theft, malware installation, or complete system integrity violation.

Recommendation

Immediately update the AWK InsightConnect Plugin to the latest version that fixes this vulnerability and restrict access to the plugin interface to trusted sources only.

Original NVD description (English source)

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS