CVE-2026-9155

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.
References
Link Resource
https://extensions.rapid7.com/extension/sed Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:gnu:sed:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

27 Jun 2026, 19:24

Type Values Removed Values Added
References () https://extensions.rapid7.com/extension/sed - () https://extensions.rapid7.com/extension/sed - Vendor Advisory
CPE cpe:2.3:a:gnu:sed:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
First Time Gnu
Linux linux Kernel
Gnu sed
Linux

25 Jun 2026, 01:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 01:16

Updated : 2026-06-27 19:24


NVD link : CVE-2026-9155

Mitre link : CVE-2026-9155

CVE.ORG link : CVE-2026-9155


JSON object : View

Products Affected

gnu

  • sed

linux

  • linux_kernel
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')