CVE-2026-9155

Summary

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

Affected Software

VendorProductVersion RangeStatus
Rapid7InsightConnect Sed Plugin0 < 2.0.5affected
Rapid7InsightConnect Sed Plugin2.0.5unaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References