OS Command Injection in Rapid7 InsightConnect Ping Plugin_CVE-2026-8660

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.

Basic Information

ID CVE-2026-8660

Source rapid7

Published Jun 25, 2026 at 00:52

Affected Product

Vendor Rapid7

Product InsightConnect Ping Plugin

Affected Versions Rapid7 InsightConnect Ping Plugin 0

CWE Classification

CWE-78

References

extensions.rapid7.com /extension/ping

{
    "lastseen": "",
    "description": "OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.",
    "published": "2026-06-25T00:52:34.341Z",
    "modified": "2026-06-25T00:52:34.341Z",
    "type": "cve",
    "title": "OS Command Injection in Rapid7 InsightConnect Ping Plugin",
    "source": "rapid7",
    "references": "https://extensions.rapid7.com/extension/ping",
    "id": "CVE-2026-8660",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 InsightConnect Ping Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InsightConnect Ping Plugin",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}