Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to...

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.

Basic Information

ID CVE-2026-8661

Source rapid7

Published Jun 26, 2026 at 01:59

Affected Product

Vendor Rapid7

Product InsightConnect Markdown Plugin

Affected Versions Rapid7 InsightConnect Markdown Plugin 0

CWE Classification

CWE-79 CWE-918

References

{
    "lastseen": "",
    "description": "Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.",
    "published": "2026-06-26T01:59:58.963Z",
    "modified": "2026-06-26T01:59:58.963Z",
    "type": "cve",
    "title": "Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin",
    "source": "rapid7",
    "references": "https://github.com/rapid7/insightconnect-plugins/blob/master/plugins/markdown/help.md\nhttps://github.com/rapid7/insightconnect-plugins/pull/3721",
    "id": "CVE-2026-8661",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 InsightConnect Markdown Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "InsightConnect Markdown Plugin",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin_CVE-2026-8661