PT-2026-52184 · Rapid7 · Insightconnect Ping Plugin

Published

2026-06-25

Updated

2026-06-25

CVE-2026-8660

CVSS v3.1

7.7

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-8660

Affected Products

Insightconnect Ping Plugin

PT-2026-52184 · Rapid7 · Insightconnect Ping Plugin

CVE-2026-8660

Weakness Enumeration

Related Identifiers

Affected Products

References · 2