Path Traversal in Rapid7 InsightConnect Compression Plugin_CVE-2026-8662

3.3 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Description

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

Basic Information

ID CVE-2026-8662

Source rapid7

Published Jun 25, 2026 at 01:51

Affected Product

Vendor Rapid7

Product InsightConnect Compression Plugin

Affected Versions Rapid7 InsightConnect Compression Plugin 0

CWE Classification

CWE-22

References

extensions.rapid7.com /extension/compression

{
    "lastseen": "",
    "description": "Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.",
    "published": "2026-06-25T01:51:33.568Z",
    "modified": "2026-06-25T01:51:33.568Z",
    "type": "cve",
    "title": "Path Traversal in Rapid7 InsightConnect Compression Plugin",
    "source": "rapid7",
    "references": "https://extensions.rapid7.com/extension/compression",
    "id": "CVE-2026-8662",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 InsightConnect Compression Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 3.3,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InsightConnect Compression Plugin",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}