CVE Catalog

CVE-2026-8666

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile — higher than 42% of all known CVEs

Summary

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.

Risk Assessment

The risk for the organization includes full compromise of the Linux server running the vulnerable plugin, potentially leading to data theft, malware installation, or further attacks on the infrastructure.

Recommendation

It is recommended to immediately update the Rapid7 InsightConnect Traceroute Plugin to the latest patched version and implement strict input validation for all request parameters.

Original NVD description (English source)

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS