What is CVE-2026-8592?

CVE-2026-8592 is a high-severity vulnerability in Rapid7 Insightconnect Awk Plugin, classified under OS Command Injection. CVSS score: 7.7/10. Published 2026-06-25.

How severe is CVE-2026-8592?

High severity. CVSS v3 base score is 7.7 out of 10.

RCE in Rapid7 Insightconnect Awk Plugin

CVE-2026-8592

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command constru…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.006 (42.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L.

Affected products

Rapid7 Insightconnect Awk Plugin — versions 0, 1.2.2

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cve@rapid7.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-8592?: CVE-2026-8592 is a high-severity vulnerability in Rapid7 Insightconnect Awk Plugin, classified under OS Command Injection. CVSS score: 7.7/10. Published 2026-06-25.
How severe is CVE-2026-8592?: High severity. CVSS v3 base score is 7.7 out of 10.