CVE-2026-9154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.
References
Link Resource
https://extensions.rapid7.com/extension/sed Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:gnu:sed:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

27 Jun 2026, 19:25

Type Values Removed Values Added
References () https://extensions.rapid7.com/extension/sed - () https://extensions.rapid7.com/extension/sed - Vendor Advisory
First Time Gnu
Linux linux Kernel
Gnu sed
Linux
CPE cpe:2.3:a:gnu:sed:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

25 Jun 2026, 01:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 01:16

Updated : 2026-06-27 19:25


NVD link : CVE-2026-9154

Mitre link : CVE-2026-9154

CVE.ORG link : CVE-2026-9154


JSON object : View

Products Affected

gnu

  • sed

linux

  • linux_kernel
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')