CVE-2026-9153
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.
Risk Assessment
The risk involves unauthorized access to sensitive system files, potentially leading to data leakage or privilege escalation.
Recommendation
It is recommended to immediately update the Sed plugin to the latest version and implement strict validation of the expression parameter in InsightConnect configurations.
Original NVD description (English source)
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

