Home

Description

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker.

PUBLISHED Reserved 2026-05-15 | Published 2026-06-25 | Updated 2026-06-25 | Assigner rapid7




LOW: 3.3CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

Any version before 2.0.3
affected

2.0.3 (custom)
unaffected

Credits

Jacob Steadman, Rapid7 finder

Jed Starr, Rapid7 finder

References

extensions.rapid7.com/extension/compression vendor-advisory

cve.org (CVE-2026-8662)

nvd.nist.gov (CVE-2026-8662)

Download JSON