CVE-2026-8592
HighCVSS 7.7Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.
Risk Assessment
The organization is at risk of remote system compromise on Linux, potentially leading to data theft, malware installation, or complete system integrity violation.
Recommendation
Immediately update the AWK InsightConnect Plugin to the latest version that fixes this vulnerability and restrict access to the plugin interface to trusted sources only.
Original NVD description (English source)
OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline.

