CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4837

An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the Rapid7 Platform, it is unlikely that the eval() function could be exploited remotely without prior, highly privileged access to the backend platform.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v3 Score 6.6

References

https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes

Products affected by CVE-2026-4837

Rapid7 » Insight Agent » Version: N/A

cpe:2.3:a:rapid7:insight_agent:-
Rapid7 » Insight Agent » Version: 2.5.2

cpe:2.3:a:rapid7:insight_agent:2.5.2
Rapid7 » Insight Agent » Version: 2.5.3

cpe:2.3:a:rapid7:insight_agent:2.5.3
Rapid7 » Insight Agent » Version: 2.6.0

cpe:2.3:a:rapid7:insight_agent:2.6.0
Rapid7 » Insight Agent » Version: 2.6.1

cpe:2.3:a:rapid7:insight_agent:2.6.1
Rapid7 » Insight Agent » Version: 2.6.2

cpe:2.3:a:rapid7:insight_agent:2.6.2
Rapid7 » Insight Agent » Version: 2.6.3

cpe:2.3:a:rapid7:insight_agent:2.6.3
Rapid7 » Insight Agent » Version: 2.6.4

cpe:2.3:a:rapid7:insight_agent:2.6.4
Rapid7 » Insight Agent » Version: 2.6.5

cpe:2.3:a:rapid7:insight_agent:2.6.5
Rapid7 » Insight Agent » Version: 2.6.6

cpe:2.3:a:rapid7:insight_agent:2.6.6
Rapid7 » Insight Agent » Version: 2.6.7

cpe:2.3:a:rapid7:insight_agent:2.6.7
Rapid7 » Insight Agent » Version: 2.7.0

cpe:2.3:a:rapid7:insight_agent:2.7.0
Rapid7 » Insight Agent » Version: 2.7.1

cpe:2.3:a:rapid7:insight_agent:2.7.1
Rapid7 » Insight Agent » Version: 2.7.10

cpe:2.3:a:rapid7:insight_agent:2.7.10
Rapid7 » Insight Agent » Version: 2.7.11

cpe:2.3:a:rapid7:insight_agent:2.7.11
Rapid7 » Insight Agent » Version: 2.7.13

cpe:2.3:a:rapid7:insight_agent:2.7.13
Rapid7 » Insight Agent » Version: 2.7.14

cpe:2.3:a:rapid7:insight_agent:2.7.14
Rapid7 » Insight Agent » Version: 2.7.15

cpe:2.3:a:rapid7:insight_agent:2.7.15
Rapid7 » Insight Agent » Version: 2.7.16

cpe:2.3:a:rapid7:insight_agent:2.7.16
Rapid7 » Insight Agent » Version: 2.7.17

cpe:2.3:a:rapid7:insight_agent:2.7.17
Rapid7 » Insight Agent » Version: 2.7.18

cpe:2.3:a:rapid7:insight_agent:2.7.18
Rapid7 » Insight Agent » Version: 2.7.19

cpe:2.3:a:rapid7:insight_agent:2.7.19
Rapid7 » Insight Agent » Version: 2.7.2

cpe:2.3:a:rapid7:insight_agent:2.7.2
Rapid7 » Insight Agent » Version: 2.7.20

cpe:2.3:a:rapid7:insight_agent:2.7.20
Rapid7 » Insight Agent » Version: 2.7.21

cpe:2.3:a:rapid7:insight_agent:2.7.21
Rapid7 » Insight Agent » Version: 2.7.22

cpe:2.3:a:rapid7:insight_agent:2.7.22
Rapid7 » Insight Agent » Version: 2.7.3

cpe:2.3:a:rapid7:insight_agent:2.7.3
Rapid7 » Insight Agent » Version: 2.7.4

cpe:2.3:a:rapid7:insight_agent:2.7.4
Rapid7 » Insight Agent » Version: 2.7.5

cpe:2.3:a:rapid7:insight_agent:2.7.5
Rapid7 » Insight Agent » Version: 2.7.6

cpe:2.3:a:rapid7:insight_agent:2.7.6
Rapid7 » Insight Agent » Version: 2.7.7

cpe:2.3:a:rapid7:insight_agent:2.7.7
Rapid7 » Insight Agent » Version: 2.7.8

cpe:2.3:a:rapid7:insight_agent:2.7.8
Rapid7 » Insight Agent » Version: 2.7.9

cpe:2.3:a:rapid7:insight_agent:2.7.9
Rapid7 » Insight Agent » Version: 3.0.1

cpe:2.3:a:rapid7:insight_agent:3.0.1
Rapid7 » Insight Agent » Version: 3.0.10

cpe:2.3:a:rapid7:insight_agent:3.0.10
Rapid7 » Insight Agent » Version: 3.0.2.3

cpe:2.3:a:rapid7:insight_agent:3.0.2.3
Rapid7 » Insight Agent » Version: 3.0.3

cpe:2.3:a:rapid7:insight_agent:3.0.3
Rapid7 » Insight Agent » Version: 3.0.4

cpe:2.3:a:rapid7:insight_agent:3.0.4
Rapid7 » Insight Agent » Version: 3.0.5

cpe:2.3:a:rapid7:insight_agent:3.0.5
Rapid7 » Insight Agent » Version: 3.0.6

cpe:2.3:a:rapid7:insight_agent:3.0.6
Rapid7 » Insight Agent » Version: 3.0.7

cpe:2.3:a:rapid7:insight_agent:3.0.7
Rapid7 » Insight Agent » Version: 3.0.8

cpe:2.3:a:rapid7:insight_agent:3.0.8
Rapid7 » Insight Agent » Version: 3.0.9

cpe:2.3:a:rapid7:insight_agent:3.0.9
Rapid7 » Insight Agent » Version: 3.1.0

cpe:2.3:a:rapid7:insight_agent:3.1.0
Rapid7 » Insight Agent » Version: 3.1.1

cpe:2.3:a:rapid7:insight_agent:3.1.1
Rapid7 » Insight Agent » Version: 3.1.10

cpe:2.3:a:rapid7:insight_agent:3.1.10
Rapid7 » Insight Agent » Version: 3.1.10.34

cpe:2.3:a:rapid7:insight_agent:3.1.10.34
Rapid7 » Insight Agent » Version: 3.1.10.36

cpe:2.3:a:rapid7:insight_agent:3.1.10.36
Rapid7 » Insight Agent » Version: 3.1.11

cpe:2.3:a:rapid7:insight_agent:3.1.11
Rapid7 » Insight Agent » Version: 3.1.12

cpe:2.3:a:rapid7:insight_agent:3.1.12
Rapid7 » Insight Agent » Version: 3.1.2

cpe:2.3:a:rapid7:insight_agent:3.1.2
Rapid7 » Insight Agent » Version: 3.1.2.35

cpe:2.3:a:rapid7:insight_agent:3.1.2.35
Rapid7 » Insight Agent » Version: 3.1.2.36

cpe:2.3:a:rapid7:insight_agent:3.1.2.36
Rapid7 » Insight Agent » Version: 3.1.2.38

cpe:2.3:a:rapid7:insight_agent:3.1.2.38
Rapid7 » Insight Agent » Version: 3.1.3

cpe:2.3:a:rapid7:insight_agent:3.1.3
Rapid7 » Insight Agent » Version: 3.1.3.78

cpe:2.3:a:rapid7:insight_agent:3.1.3.78
Rapid7 » Insight Agent » Version: 3.1.3.79

cpe:2.3:a:rapid7:insight_agent:3.1.3.79
Rapid7 » Insight Agent » Version: 3.1.3.80

cpe:2.3:a:rapid7:insight_agent:3.1.3.80
Rapid7 » Insight Agent » Version: 3.1.4

cpe:2.3:a:rapid7:insight_agent:3.1.4
Rapid7 » Insight Agent » Version: 3.1.4.48

cpe:2.3:a:rapid7:insight_agent:3.1.4.48
Rapid7 » Insight Agent » Version: 3.1.4.49

cpe:2.3:a:rapid7:insight_agent:3.1.4.49
Rapid7 » Insight Agent » Version: 3.1.4.52

cpe:2.3:a:rapid7:insight_agent:3.1.4.52
Rapid7 » Insight Agent » Version: 3.1.5

cpe:2.3:a:rapid7:insight_agent:3.1.5
Rapid7 » Insight Agent » Version: 3.1.5.15

cpe:2.3:a:rapid7:insight_agent:3.1.5.15
Rapid7 » Insight Agent » Version: 3.1.6

cpe:2.3:a:rapid7:insight_agent:3.1.6
Rapid7 » Insight Agent » Version: 3.1.6.44

cpe:2.3:a:rapid7:insight_agent:3.1.6.44
Rapid7 » Insight Agent » Version: 3.1.6.45

cpe:2.3:a:rapid7:insight_agent:3.1.6.45
Rapid7 » Insight Agent » Version: 3.1.7

cpe:2.3:a:rapid7:insight_agent:3.1.7
Rapid7 » Insight Agent » Version: 3.1.8

cpe:2.3:a:rapid7:insight_agent:3.1.8
Rapid7 » Insight Agent » Version: 3.1.9

cpe:2.3:a:rapid7:insight_agent:3.1.9
Rapid7 » Insight Agent » Version: 3.2.0

cpe:2.3:a:rapid7:insight_agent:3.2.0
Rapid7 » Insight Agent » Version: 3.2.1

cpe:2.3:a:rapid7:insight_agent:3.2.1
Rapid7 » Insight Agent » Version: 3.2.2

cpe:2.3:a:rapid7:insight_agent:3.2.2
Rapid7 » Insight Agent » Version: 3.2.3

cpe:2.3:a:rapid7:insight_agent:3.2.3
Rapid7 » Insight Agent » Version: 3.2.4

cpe:2.3:a:rapid7:insight_agent:3.2.4
Rapid7 » Insight Agent » Version: 3.2.5

cpe:2.3:a:rapid7:insight_agent:3.2.5
Rapid7 » Insight Agent » Version: 3.2.6

cpe:2.3:a:rapid7:insight_agent:3.2.6
Rapid7 » Insight Agent » Version: 3.3.0

cpe:2.3:a:rapid7:insight_agent:3.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4837

Products

Pricing

Contact Us