CVE Catalog

CVE-2026-8665

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile — higher than 42% of all known CVEs

Summary

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

Risk Assessment

The organization is at risk of full system compromise on the affected Linux host, potentially leading to data theft, malware installation, or service disruption.

Recommendation

Immediately update the Translate Plugin to a patched version and implement input validation and process privilege restrictions.

Original NVD description (English source)

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS