PatchSiren

Rapid7 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Rapid7 CVE published 2026-06-25

CVE-2026-8662

CVE-2026-8662 is a Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux. The vulnerability allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker. The Common Vulnerability Scoring System (CVSS) score for this vulnerabilit [truncated]

HIGH Rapid7 CVE published 2026-06-25

CVE-2026-8666

CVE-2026-8666 is an OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux. The vulnerability allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters. This is due to insufficient input validation when constructing shell commands. The CVE has a CVSS score of 7.7 and is classified as [truncated]

HIGH Rapid7 CVE published 2026-06-25

CVE-2026-8665

CVE-2026-8665 is an OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux. The vulnerability allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction. This CVE has a CVSS score of 7.7 and is classified as HIGH severity. The vulnerability was published [truncated]

MEDIUM Rapid7 CVE published 2026-06-25

CVE-2026-8664

CVE-2026-8664 is an OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux. Authenticated attackers can execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction. The vulnerability has a CVSS score of 6 and a severity of MEDIUM. It was published on June 25, 2026, and last modified on June 29, 2026. The CVE r [truncated]

HIGH Rapid7 CVE published 2026-06-25

CVE-2026-8592

CVE-2026-8592 is an OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux. The vulnerability allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline. This CVE was published on June 25, 2026, and has a CVSS score of 7.7, classified as HIGH. The vu [truncated]

MEDIUM Rapid7 CVE published 2026-06-25

CVE-2026-8659

CVE-2026-8659 is an OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux. Authenticated attackers can execute arbitrary OS commands via the 'api_host' or 'api_port' parameters during connection configuration due to insufficient input validation. This vulnerability has a CVSS score of 6, indicating a medium severity level. The CVE was published on June 25, 2026, and last modif [truncated]

HIGH Rapid7 CVE published 2026-06-09

CVE-2026-8795

CVE-2026-8795 is a high-severity vulnerability in Rapid7 Velociraptor, a threat detection and response platform. The vulnerability exists in the Windows.Collectors.Remapping artifact and allows for YAML injection attacks. An attacker can provide a crafted collection ZIP file that, when processed, injects arbitrary VQL code, leading to code execution with elevated privileges.

MEDIUM Rapid7 CVE published 2026-04-10

CVE-2026-4482

CVE-2026-4482 is a medium-severity vulnerability affecting Rapid7 Insight Agent. The installer certificate files have improper permissions on Windows systems, potentially exposing agent identity material to locally authenticated standard users.

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5235

CVE-2017-5235 is a DLL preloading issue affecting Rapid7 Metasploit Pro installers. According to the CVE description, an attacker could place a malicious DLL in the installer’s current working directory and influence what the installer loads. NVD rates the issue HIGH with CVSS 3.0 7.8, reflecting the potential for local code execution when a user runs the installer. Rapid7’s advisory references a fixed in [truncated]

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5234

CVE-2017-5234 affects Rapid7 Insight Collector installers prior to 1.0.16. The NVD record states that the installer may load a malicious DLL from its current working directory, which can lead to code execution when a user runs the installer. NVD rates the issue HIGH with CVSS 7.8, and the CVE was published on 2017-03-02.

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5233

CVE-2017-5233 is a DLL preloading issue in Rapid7 AppSpider Pro installers before version 6.14.053. If the installer is launched from a directory containing a malicious DLL, it may load that DLL instead of the intended library. The risk is highest during installation, where a local attacker or a user working from an untrusted directory could influence code execution.

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5232

CVE-2017-5232 is a DLL preloading weakness in Rapid7 Nexpose installers affecting versions prior to 6.4.24. If the installer is launched from a directory containing a malicious DLL with a name the installer resolves, it may load that file during installation. The issue was publicly disclosed on 2017-03-02 and carries a high CVSS 3.0 score because successful abuse can impact confidentiality, integrity, and [truncated]

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5231

CVE-2017-5231 is a directory traversal issue in Rapid7 Metasploit’s Meterpreter stdapi CommandDispatcher.cmd_download() function. A specially crafted Meterpreter build can write to an arbitrary directory on the Metasploit console using the permissions of the running Metasploit instance. CVSS is HIGH (7.1). The CVE was published on 2017-03-02 and later modified by NVD on 2026-05-13.

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5230

CVE-2017-5230 affects Rapid7 Nexpose versions prior to 6.4.50. The issue is that the Java keystore used to store saved scan credentials is protected by a static password that users cannot change, weakening the security of credentials intended to be stored on disk. Rapid7’s release notes point to 6.4.50 as the fixed version, and the NVD entry classifies the weakness as CWE-798 (Use of Hard-coded Credentials).

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5229

CVE-2017-5229 is a high-severity directory traversal issue in Rapid7 Metasploit’s Meterpreter extapi Clipboard.parse_dump() path handling. A specially crafted Meterpreter build could cause the Metasploit console to write into an arbitrary directory with the privileges of the running instance. The vulnerability was published on 2017-03-02; NVD later updated the record on 2026-05-13.

HIGH Rapid7 CVE published 2017-03-02

CVE-2017-5228

CVE-2017-5228 is a directory traversal flaw in Rapid7 Metasploit’s Meterpreter stdapi Dir.download() function. Per the CVE description, an attacker using a specially crafted Meterpreter build can write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. The issue was published on 2017-03-02 and carries a HIGH severity rating. Defensive focus should [truncated]