Improper Permissions in Installer Certificate Files for Rapid7 Product on Windows Systems
CVE-2026-4482
6.8 MEDIUM
What is CVE-2026-4482?
The installer certificate files located in the …/bootstrap/common/ssl directory on Windows systems lack appropriate restrictions on access permissions, allowing local users to read and execute these files. In particular, the client.key file may expose sensitive agent identity information to any standard user with local access. This misconfiguration poses a risk as it can facilitate unauthorized exploitation of user credentials and compromise system integrity. Ensuring proper access controls is crucial to securing these files and safeguarding sensitive data.
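A defender's check for the condition described above, as an added example that is not Rapid7's code or part of the advisory: the PowerShell script below lists files in the ssl directory whose ACL grants read access to broad, non-administrative principals. The `-SslDir` parameter and the set of principals treated as "broad" are assumptions; the advisory elides the install prefix, so pass the full path for your deployment.

```powershell
param(
    # Assumption: full path to the agent's bootstrap\common\ssl directory.
    # The advisory truncates the install prefix, so it must be supplied.
    [Parameter(Mandatory = $true)]
    [string]$SslDir
)

# Well-known SIDs that include every standard local user (assumed scope of "broad").
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# ReadData is the bit that lets a principal obtain the file contents;
# composite rights such as Read and ReadAndExecute include it.
$readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($file in Get-ChildItem -LiteralPath $SslDir -File) {
    $acl = Get-Acl -LiteralPath $file.FullName
    # Resolve identities to SIDs so the check is independent of OS language.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        $canRead = (([int]$rule.FileSystemRights) -band $readMask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and $canRead) {
            [pscustomobject]@{
                File      = $file.Name
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited   # True: fix the parent ACL too
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Certificate files under $SslDir are readable by standard users."
    exit 1
}
Write-Output "No broad read access found under $SslDir"
```

Run it from an elevated session so every ACL can be read; a row for client.key indicates the exposure this CVE describes, and an `Inherited` value of True means the permissive entry comes from a parent directory.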
Affected Version(s)
Insight Agent Windows 0 < 4.1.0.2
References
CVSS V4
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Peter Gabaldon @ ITRESIT (https://itresit.es/en/home-en/)
