CVE-2026-8659

MEDIUM NVD

CVSS Score 6

Severity MEDIUM

Published Jun 25, 2026

Vendor unknown

Description

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation.

References

https://extensions.rapid7.com/extension/sqlmap