CVE Catalog

CVE-2026-8659

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile — higher than 50% of all known CVEs

Summary

The SQLmap plugin for Rapid7 InsightConnect on Linux contains an OS command injection vulnerability. Authenticated attackers can execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

Risk Assessment

The risk involves potential server compromise by an authenticated attacker, leading to data theft, configuration changes, or further attacks on the infrastructure.

Recommendation

Immediately update the SQLmap plugin to the latest version from the vendor and enforce strict input validation on connection configuration parameters.

Original NVD description (English source)

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS