CVE Catalog

CVE-2026-8660

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile — higher than 42% of all known CVEs

Summary

The Ping plugin for Rapid7 InsightConnect on Linux is vulnerable to OS command injection. Remote attackers can execute arbitrary commands via the host parameter due to insufficient input validation when constructing shell commands.

Risk Assessment

The risk includes remote code execution, potential server compromise, data theft, and service disruption. This vulnerability could be leveraged for privilege escalation and further attacks on the infrastructure.

Recommendation

Immediately update the Ping plugin to the latest version provided by the vendor. Additionally, implement input filtering and sanitization for the host parameter.

Original NVD description (English source)

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS