OS Command Injection in Rapid7 InsightConnect Finger Plugin_CVE-2026-8664

6 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Description

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.

Basic Information

ID CVE-2026-8664

Source rapid7

Published Jun 25, 2026 at 01:28

Affected Product

Vendor Rapid7

Product InsightConnect Finger Plugin

Affected Versions Rapid7 InsightConnect Finger Plugin 0

CWE Classification

CWE-78

References

extensions.rapid7.com /extension/finger

{
    "lastseen": "",
    "description": "OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction.",
    "published": "2026-06-25T01:28:14.832Z",
    "modified": "2026-06-25T01:28:14.832Z",
    "type": "cve",
    "title": "OS Command Injection in Rapid7 InsightConnect Finger Plugin",
    "source": "rapid7",
    "references": "https://extensions.rapid7.com/extension/finger",
    "id": "CVE-2026-8664",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 InsightConnect Finger Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InsightConnect Finger Plugin",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}