CVE-2026-9155

HIGH

OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.

Title source: cna
STIX 2.1

Description

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://extensions.rapid7.com/extension/sed

Scores

CVSS v3 8.8
EPSS 0.0092
EPSS Percentile 56.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (3)
gnu/sed 4.2.2
Rapid7/InsightConnect Sed Plugin < 2.0.5
Rapid7/InsightConnect Sed Plugin 2.0.5
Published Jun 25, 2026
Tracked Since Jun 25, 2026