CVE-2026-6482

HIGH

Local Privilege Escalation via OpenSSL configuration file in Insight Agent

Title source: cna

Description

The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.

References (1)

https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-829

Status published

Products (2)

Rapid7/Insight Agent < 4.1.0.2

rapid7/insight_agent < 4.1.0.2

Published Apr 17, 2026

Tracked Since Apr 17, 2026