CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-6482

The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.4%

CVSS Severity

CVSS v3 Score 7.8

References

https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes

Products affected by CVE-2026-6482

Rapid7 » Insight Agent » Version: N/A

cpe:2.3:a:rapid7:insight_agent:-
Rapid7 » Insight Agent » Version: 2.5.2

cpe:2.3:a:rapid7:insight_agent:2.5.2
Rapid7 » Insight Agent » Version: 2.5.3

cpe:2.3:a:rapid7:insight_agent:2.5.3
Rapid7 » Insight Agent » Version: 2.6.0

cpe:2.3:a:rapid7:insight_agent:2.6.0
Rapid7 » Insight Agent » Version: 2.6.1

cpe:2.3:a:rapid7:insight_agent:2.6.1
Rapid7 » Insight Agent » Version: 2.6.2

cpe:2.3:a:rapid7:insight_agent:2.6.2
Rapid7 » Insight Agent » Version: 2.6.3

cpe:2.3:a:rapid7:insight_agent:2.6.3
Rapid7 » Insight Agent » Version: 2.6.4

cpe:2.3:a:rapid7:insight_agent:2.6.4
Rapid7 » Insight Agent » Version: 2.6.5

cpe:2.3:a:rapid7:insight_agent:2.6.5
Rapid7 » Insight Agent » Version: 2.6.6

cpe:2.3:a:rapid7:insight_agent:2.6.6
Rapid7 » Insight Agent » Version: 2.6.7

cpe:2.3:a:rapid7:insight_agent:2.6.7
Rapid7 » Insight Agent » Version: 2.7.0

cpe:2.3:a:rapid7:insight_agent:2.7.0
Rapid7 » Insight Agent » Version: 2.7.1

cpe:2.3:a:rapid7:insight_agent:2.7.1
Rapid7 » Insight Agent » Version: 2.7.10

cpe:2.3:a:rapid7:insight_agent:2.7.10
Rapid7 » Insight Agent » Version: 2.7.11

cpe:2.3:a:rapid7:insight_agent:2.7.11
Rapid7 » Insight Agent » Version: 2.7.13

cpe:2.3:a:rapid7:insight_agent:2.7.13
Rapid7 » Insight Agent » Version: 2.7.14

cpe:2.3:a:rapid7:insight_agent:2.7.14
Rapid7 » Insight Agent » Version: 2.7.15

cpe:2.3:a:rapid7:insight_agent:2.7.15
Rapid7 » Insight Agent » Version: 2.7.16

cpe:2.3:a:rapid7:insight_agent:2.7.16
Rapid7 » Insight Agent » Version: 2.7.17

cpe:2.3:a:rapid7:insight_agent:2.7.17
Rapid7 » Insight Agent » Version: 2.7.18

cpe:2.3:a:rapid7:insight_agent:2.7.18
Rapid7 » Insight Agent » Version: 2.7.19

cpe:2.3:a:rapid7:insight_agent:2.7.19
Rapid7 » Insight Agent » Version: 2.7.2

cpe:2.3:a:rapid7:insight_agent:2.7.2
Rapid7 » Insight Agent » Version: 2.7.20

cpe:2.3:a:rapid7:insight_agent:2.7.20
Rapid7 » Insight Agent » Version: 2.7.21

cpe:2.3:a:rapid7:insight_agent:2.7.21
Rapid7 » Insight Agent » Version: 2.7.22

cpe:2.3:a:rapid7:insight_agent:2.7.22
Rapid7 » Insight Agent » Version: 2.7.3

cpe:2.3:a:rapid7:insight_agent:2.7.3
Rapid7 » Insight Agent » Version: 2.7.4

cpe:2.3:a:rapid7:insight_agent:2.7.4
Rapid7 » Insight Agent » Version: 2.7.5

cpe:2.3:a:rapid7:insight_agent:2.7.5
Rapid7 » Insight Agent » Version: 2.7.6

cpe:2.3:a:rapid7:insight_agent:2.7.6
Rapid7 » Insight Agent » Version: 2.7.7

cpe:2.3:a:rapid7:insight_agent:2.7.7
Rapid7 » Insight Agent » Version: 2.7.8

cpe:2.3:a:rapid7:insight_agent:2.7.8
Rapid7 » Insight Agent » Version: 2.7.9

cpe:2.3:a:rapid7:insight_agent:2.7.9
Rapid7 » Insight Agent » Version: 3.0.1

cpe:2.3:a:rapid7:insight_agent:3.0.1
Rapid7 » Insight Agent » Version: 3.0.10

cpe:2.3:a:rapid7:insight_agent:3.0.10
Rapid7 » Insight Agent » Version: 3.0.2.3

cpe:2.3:a:rapid7:insight_agent:3.0.2.3
Rapid7 » Insight Agent » Version: 3.0.3

cpe:2.3:a:rapid7:insight_agent:3.0.3
Rapid7 » Insight Agent » Version: 3.0.4

cpe:2.3:a:rapid7:insight_agent:3.0.4
Rapid7 » Insight Agent » Version: 3.0.5

cpe:2.3:a:rapid7:insight_agent:3.0.5
Rapid7 » Insight Agent » Version: 3.0.6

cpe:2.3:a:rapid7:insight_agent:3.0.6
Rapid7 » Insight Agent » Version: 3.0.7

cpe:2.3:a:rapid7:insight_agent:3.0.7
Rapid7 » Insight Agent » Version: 3.0.8

cpe:2.3:a:rapid7:insight_agent:3.0.8
Rapid7 » Insight Agent » Version: 3.0.9

cpe:2.3:a:rapid7:insight_agent:3.0.9
Rapid7 » Insight Agent » Version: 3.1.0

cpe:2.3:a:rapid7:insight_agent:3.1.0
Rapid7 » Insight Agent » Version: 3.1.1

cpe:2.3:a:rapid7:insight_agent:3.1.1
Rapid7 » Insight Agent » Version: 3.1.10

cpe:2.3:a:rapid7:insight_agent:3.1.10
Rapid7 » Insight Agent » Version: 3.1.10.34

cpe:2.3:a:rapid7:insight_agent:3.1.10.34
Rapid7 » Insight Agent » Version: 3.1.10.36

cpe:2.3:a:rapid7:insight_agent:3.1.10.36
Rapid7 » Insight Agent » Version: 3.1.11

cpe:2.3:a:rapid7:insight_agent:3.1.11
Rapid7 » Insight Agent » Version: 3.1.12

cpe:2.3:a:rapid7:insight_agent:3.1.12
Rapid7 » Insight Agent » Version: 3.1.2

cpe:2.3:a:rapid7:insight_agent:3.1.2
Rapid7 » Insight Agent » Version: 3.1.2.35

cpe:2.3:a:rapid7:insight_agent:3.1.2.35
Rapid7 » Insight Agent » Version: 3.1.2.36

cpe:2.3:a:rapid7:insight_agent:3.1.2.36
Rapid7 » Insight Agent » Version: 3.1.2.38

cpe:2.3:a:rapid7:insight_agent:3.1.2.38
Rapid7 » Insight Agent » Version: 3.1.3

cpe:2.3:a:rapid7:insight_agent:3.1.3
Rapid7 » Insight Agent » Version: 3.1.3.78

cpe:2.3:a:rapid7:insight_agent:3.1.3.78
Rapid7 » Insight Agent » Version: 3.1.3.79

cpe:2.3:a:rapid7:insight_agent:3.1.3.79
Rapid7 » Insight Agent » Version: 3.1.3.80

cpe:2.3:a:rapid7:insight_agent:3.1.3.80
Rapid7 » Insight Agent » Version: 3.1.4

cpe:2.3:a:rapid7:insight_agent:3.1.4
Rapid7 » Insight Agent » Version: 3.1.4.48

cpe:2.3:a:rapid7:insight_agent:3.1.4.48
Rapid7 » Insight Agent » Version: 3.1.4.49

cpe:2.3:a:rapid7:insight_agent:3.1.4.49
Rapid7 » Insight Agent » Version: 3.1.4.52

cpe:2.3:a:rapid7:insight_agent:3.1.4.52
Rapid7 » Insight Agent » Version: 3.1.5

cpe:2.3:a:rapid7:insight_agent:3.1.5
Rapid7 » Insight Agent » Version: 3.1.5.15

cpe:2.3:a:rapid7:insight_agent:3.1.5.15
Rapid7 » Insight Agent » Version: 3.1.6

cpe:2.3:a:rapid7:insight_agent:3.1.6
Rapid7 » Insight Agent » Version: 3.1.6.44

cpe:2.3:a:rapid7:insight_agent:3.1.6.44
Rapid7 » Insight Agent » Version: 3.1.6.45

cpe:2.3:a:rapid7:insight_agent:3.1.6.45
Rapid7 » Insight Agent » Version: 3.1.7

cpe:2.3:a:rapid7:insight_agent:3.1.7
Rapid7 » Insight Agent » Version: 3.1.8

cpe:2.3:a:rapid7:insight_agent:3.1.8
Rapid7 » Insight Agent » Version: 3.1.9

cpe:2.3:a:rapid7:insight_agent:3.1.9
Rapid7 » Insight Agent » Version: 3.2.0

cpe:2.3:a:rapid7:insight_agent:3.2.0
Rapid7 » Insight Agent » Version: 3.2.1

cpe:2.3:a:rapid7:insight_agent:3.2.1
Rapid7 » Insight Agent » Version: 3.2.2

cpe:2.3:a:rapid7:insight_agent:3.2.2
Rapid7 » Insight Agent » Version: 3.2.3

cpe:2.3:a:rapid7:insight_agent:3.2.3
Rapid7 » Insight Agent » Version: 3.2.4

cpe:2.3:a:rapid7:insight_agent:3.2.4
Rapid7 » Insight Agent » Version: 3.2.5

cpe:2.3:a:rapid7:insight_agent:3.2.5
Rapid7 » Insight Agent » Version: 3.2.6

cpe:2.3:a:rapid7:insight_agent:3.2.6
Rapid7 » Insight Agent » Version: 3.3.0

cpe:2.3:a:rapid7:insight_agent:3.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-6482

Products

Pricing

Contact Us