🔐 CVE Alert

CVE-2026-4482

UNKNOWN 0.0

Insight Agent Private Key Information Disclosure via Inherited File Permissions

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 1st

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems: users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, because it exposes agent identity material to any locally authenticated standard user.

CWE: CWE-732
Vendor: rapid7
Product: insight agent
Published: Apr 10, 2026
Last Updated: Apr 10, 2026

Affected Versions

Rapid7 / Insight Agent
0 < 4.1.0.2

References

docs.rapid7.com: https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes

Credits

🔍 Peter Gabaldon @ ITRESIT (https://itresit.es/en/home-en/)