CVE-2026-9155
HighCVSS 8.8Exploitation Probability (EPSS)
Elevated risk56th percentile — higher than 56% of all known CVEs
Summary
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
Risk Assessment
The risk for the organization includes potential system compromise, data theft, or service disruption by an authenticated attacker.
Recommendation
It is recommended to immediately update the Sed plugin to the latest version and enforce strict input validation for the expression parameter.
Original NVD description (English source)
OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

