CVE Catalog

CVE-2026-9155

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.92%

56th percentile — higher than 56% of all known CVEs

Summary

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

Risk Assessment

The risk for the organization includes potential system compromise, data theft, or service disruption by an authenticated attacker.

Recommendation

It is recommended to immediately update the Sed plugin to the latest version and enforce strict input validation for the expression parameter.

Original NVD description (English source)

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS