CVE-2026-9153 | Arbitrary File Read vulnerability in Rapid7 InsightConnect S… | CVSS 6.5 MEDIUM

Description

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

Metadata

CVE ID: CVE-2026-9153
State: PUBLISHED
Assigner: rapid7
Reserved: 2026-05-21 01:03 UTC
Published: 2026-06-25 00:33 UTC
Last updated: 2026-06-25 00:33 UTC
Primary CWE: CWE-22
CWE-22 Improper Limitation of a Pathname to a Restricted Dir…
Vendor / Product: Rapid7 / InsightConnect Sed Plugin
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Rapid7	InsightConnect Sed Plugin	Linux	0 < 2.0.5, 2.0.5

Weakness (CWE)

CWE	Source	Description
CWE-200	cna	CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-22	cna	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (1)

https://extensions.rapid7.com/extension/sed