CVE 8.8 HIGH

OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter._CVE-2026-9155

June 24, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

AI Analysis

OS Command Injection vulnerability allowing execution of arbitrary OS commands

Basic Information

ID CVE-2026-9155

Source rapid7

Published Jun 25, 2026 at 00:25

Affected Product

Vendor Rapid7

Product InsightConnect Sed Plugin

Affected Versions Rapid7 InsightConnect Sed Plugin 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Rapid7

Product InsightConnect Sed Plugin

References

extensions.rapid7.com /extension/sed

{
    "lastseen": "",
    "description": "OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.",
    "published": "2026-06-25T00:25:22.606Z",
    "modified": "2026-06-25T00:25:22.606Z",
    "type": "cve",
    "title": "OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.",
    "source": "rapid7",
    "references": "https://extensions.rapid7.com/extension/sed",
    "id": "CVE-2026-9155",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 InsightConnect Sed Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InsightConnect Sed Plugin",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "OS Command Injection vulnerability allowing execution of arbitrary OS commands",
    "ai_severity": "High",
    "ai_vendor": "Rapid7",
    "ai_product": "InsightConnect Sed Plugin",
    "ai_version": "0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply