CVE-2026-8662
Received Received - Intake
Path Traversal in Rapid7 InsightConnect Compression Plugin

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Rapid7, Inc.

Description
Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-8662
EUVD
EUVD-2026-39162
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rapid7 insightconnect_compression_plugin *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Path Traversal issue found in the create_archive function of the Rapid7 InsightConnect Compression Plugin on Linux. It allows authenticated attackers to write files to unintended file paths by using specially crafted filename inputs.

However, the attacker cannot control the content of the files being written, so the impact is limited to file corruption rather than arbitrary code execution or data theft.

Impact Analysis

The vulnerability can lead to file corruption on the affected system because attackers can write files to unintended locations.

Since the attacker cannot control the content of the files, the impact is limited and does not include data disclosure or remote code execution.

The CVSS score of 3.3 indicates a low severity impact, primarily affecting availability and integrity.

Compliance Impact

This vulnerability allows authenticated attackers to write to unintended file paths, potentially causing file corruption. However, the attacker cannot control the content written.

Given the limited impact to file corruption without content control, the vulnerability may pose a low risk to data integrity and confidentiality.

There is no direct information on how this vulnerability affects compliance with standards such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8662. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart