CVE-2026-8661

MEDIUM 4.8

Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

CVSS Score

4.8

EPSS Score

0.0%

EPSS Percentile

0th

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.

CWE	CWE-79 CWE-918
Vendor	rapid7
Product	insightconnect markdown plugin
Published	Jun 26, 2026

Stay Ahead of the Next One

Get instant alerts for rapid7 insightconnect markdown plugin

Be the first to know when new medium vulnerabilities affecting rapid7 insightconnect markdown plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Rapid7 / InsightConnect Markdown Plugin

0 < 4.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/rapid7/insightconnect-plugins/blob/master/plugins/markdown/help.md github.com: https://github.com/rapid7/insightconnect-plugins/pull/3721

Credits

Jacob Steadman, Rapid7 Jed Starr, Rapid7