CVE-2026-9153
MEDIUMArbitrary File Read in Rapid7 InsightConnect Sed Plugin
Title source: cnaDescription
Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://extensions.rapid7.com/extension/sed
Scores
CVSS v3
6.5
EPSS
0.0030
EPSS Percentile
21.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-22
Status
published
Products (2)
Rapid7/InsightConnect Sed Plugin
< 2.0.5
Rapid7/InsightConnect Sed Plugin
2.0.5
Published
Jun 25, 2026
Tracked Since
Jun 25, 2026