CVE-2026-8662 | Path Traversal vulnerability in the create_archive function … | CVSS 3.3 LOW

Description

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

Metadata

CVE ID: CVE-2026-8662
State: PUBLISHED
Assigner: rapid7
Reserved: 2026-05-15 06:29 UTC
Published: 2026-06-25 01:51 UTC
Last updated: 2026-06-25 01:51 UTC
Primary CWE: CWE-22
CWE-22 Improper Limitation of a Pathname to a Restricted Dir…
Vendor / Product: Rapid7 / InsightConnect Compression Plugin
Sources: cve.org · NVD

Severity & Metrics

3.3 LOW CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Affected products (1)

Vendor	Product	Platform	Versions
Rapid7	InsightConnect Compression Plugin	Linux	0 < 2.0.3, 2.0.3

Weakness (CWE)

CWE	Source	Description
CWE-22	cna	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS scores (1)

Score	Severity	Version	Source	Vector
3.3	LOW	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

References (1)

https://extensions.rapid7.com/extension/compression