CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-8666

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 42.1%

CVSS Severity

CVSS v3 Score 7.7

References

https://extensions.rapid7.com/extension/traceroute

Products affected by CVE-2026-8666

Rapid7 » Insightconnect Traceroute » Version: Any

cpe:2.3:a:rapid7:insightconnect_traceroute:*
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-8666

Products

Pricing

Contact Us