PatchSiren cyber security CVE debrief
CVE-2026-4482 Rapid7 CVE debrief
CVE-2026-4482 is a medium-severity vulnerability affecting Rapid7 Insight Agent. The installer certificate files have improper permissions on Windows systems, potentially exposing agent identity material to locally authenticated standard users.
- Vendor: Rapid7
- Product: Insight Agent
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-10
- Original CVE updated: 2026-06-08
- Advisory published: 2026-04-10
- Advisory updated: 2026-06-08
Who should care
Users of Rapid7 Insight Agent on Windows systems should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The installer certificate files in the …/bootstrap/common/ssl folder do not have restricted permissions on Windows systems, giving users read and execute access. In particular, the client.key file exposes agent identity material to any locally authenticated standard user, which could potentially lead to exploits.
Defensive priority
MEDIUM
Recommended defensive actions
- Review and adjust permissions on the installer certificate files in the …/bootstrap/common/ssl folder to restrict access to authorized users only.
- Refer to the vendor's documentation for specific guidance on securing the Insight Agent installation.
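One way to check the first action on a host, as an added example that is not Rapid7's code or guidance: a PowerShell audit that lists allow ACEs granting read access on files in the ssl folder to broad principals. The `$SslDir` parameter and the choice of well-known SIDs treated as "standard users" are assumptions; the page elides the install prefix, so the operator supplies the full path.

```powershell
# Added example: audit ACLs on the agent's ssl folder for broad read access.
# $SslDir is supplied by the operator; the page elides the install prefix.
param(
    [Parameter(Mandatory = $true)]
    [string]$SslDir   # full path to the ...\bootstrap\common\ssl folder
)

# Assumption: well-known SIDs whose membership includes standard local users.
$broadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
$readBit = [System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($file in Get-ChildItem -LiteralPath $SslDir -File) {
    $acl = Get-Acl -LiteralPath $file.FullName
    # Resolve each ACE to a SID so localized group names do not matter.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadSids -notcontains $ace.IdentityReference.Value) { continue }
        # Only file-specific read bits are tested; generic-rights ACEs are not decoded.
        if (($ace.FileSystemRights -band $readBit) -eq 0) { continue }
        [pscustomobject]@{
            File      = $file.Name
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Files above are readable by standard users; check client.key first.'
    exit 1
}
Write-Output "No broad read ACEs found under $SslDir"
```

An `Inherited` value of `True` means the grant comes from a parent folder, so the fix belongs on that folder's ACL or requires breaking inheritance on the ssl folder.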
Evidence notes
The CVSS score for this vulnerability is 6.8, indicating a medium severity level.
Official resources
- CVE-2026-4482 CVE record (CVE.org)
- CVE-2026-4482 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Release Notes)
CVE-2026-4482 was published on 2026-04-10T05:16:04.587Z and last modified on 2026-06-08T12:15:24.573Z.