Arbitrary File Read in Rapid7 InsightConnect Sed Plugin_CVE-2026-9153

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

Basic Information

ID CVE-2026-9153

Source rapid7

Published Jun 25, 2026 at 00:33

Affected Product

Vendor Rapid7

Product InsightConnect Sed Plugin

Affected Versions Rapid7 InsightConnect Sed Plugin 0

CWE Classification

CWE-22 CWE-200

References

extensions.rapid7.com /extension/sed

{
    "lastseen": "",
    "description": "Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.",
    "published": "2026-06-25T00:33:02.961Z",
    "modified": "2026-06-25T00:33:02.961Z",
    "type": "cve",
    "title": "Arbitrary File Read in Rapid7 InsightConnect Sed Plugin",
    "source": "rapid7",
    "references": "https://extensions.rapid7.com/extension/sed",
    "id": "CVE-2026-9153",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 InsightConnect Sed Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InsightConnect Sed Plugin",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}