PatchSiren cyber security CVE debrief
CVE-2026-8662 Rapid7 CVE debrief
CVE-2026-8662 is a Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux. The vulnerability allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 3.3, indicating a Low severity. The vulnerability was published on June 25, 2026, and last modified on June 29, 2026.
- Vendor
- Rapid7
- Product
- InsightConnect Compression Plugin
- CVSS
- LOW 3.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-25
- Original CVE updated
- 2026-06-29
- Advisory published
- 2026-06-25
- Advisory updated
- 2026-06-29
Who should care
Linux users and administrators who have installed Rapid7 InsightConnect Compression Plugin should be aware of this vulnerability. Although the vulnerability has a Low severity score, it is still important to patch to prevent potential file corruption. Additionally, organizations using Rapid7 InsightConnect should review their plugins and ensure they are up-to-date.
Technical summary
The CVE-2026-8662 vulnerability is a Path Traversal issue in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux. An attacker must have authentication credentials to exploit this vulnerability. The vulnerability allows an attacker to write to unintended file paths via crafted filename input, but the impact is limited to file corruption as the attacker cannot control the content. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L.
Defensive priority
This vulnerability has a Low severity score of 3.3. However, it is still recommended to patch the vulnerability to prevent potential file corruption. Linux users and administrators should review their Rapid7 InsightConnect Compression Plugin versions and ensure they are up-to-date.
Recommended defensive actions
- Review and patch Rapid7 InsightConnect Compression Plugin versions to prevent potential file corruption.
- Ensure authentication credentials are secure to prevent unauthorized access.
- Monitor Linux systems for potential file corruption.
- Review Rapid7 InsightConnect plugins and ensure they are up-to-date.
- Consider implementing additional security measures to prevent Path Traversal attacks.
Evidence notes
The CVE-2026-8662 vulnerability was published on June 25, 2026, and last modified on June 29, 2026. The vulnerability has a CVSS score of 3.3 and a Low severity. The vulnerability is a Path Traversal issue in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux. The impact is limited to file corruption as content cannot be controlled by the attacker.
Official resources
-
CVE-2026-8662 CVE record
CVE.org
-
CVE-2026-8662 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Product
This article is AI-assisted and based on the supplied source corpus.