CVE-2026-8659

Summary

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

Affected Software

VendorProductVersion RangeStatus
Rapid7InsightConnect SQLmap Plugin0 < 2.0.1affected
Rapid7InsightConnect SQLmap Plugin2.0.1unaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References