CVE-2026-8659
MediumCVSS 6.0Exploitation Probability (EPSS)
Low risk50th percentile — higher than 50% of all known CVEs
Summary
The SQLmap plugin for Rapid7 InsightConnect on Linux contains an OS command injection vulnerability. Authenticated attackers can execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.
Risk Assessment
The risk involves potential server compromise by an authenticated attacker, leading to data theft, configuration changes, or further attacks on the infrastructure.
Recommendation
Immediately update the SQLmap plugin to the latest version from the vendor and enforce strict input validation on connection configuration parameters.
Original NVD description (English source)
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

