CVE-2026-8658

Summary

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.

Affected Software

VendorProductVersion RangeStatus
Rapid7InsightConnect Tcpdump Plugin0 < 2.0.0affected
Rapid7InsightConnect Tcpdump Plugin2.0.0unaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References