CVE Catalog

CVE-2026-9153

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

Risk Assessment

The risk involves unauthorized access to sensitive system files, potentially leading to data leakage or privilege escalation.

Recommendation

It is recommended to immediately update the Sed plugin to the latest version and implement strict validation of the expression parameter in InsightConnect configurations.

Original NVD description (English source)

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS