Insight Agent Private Key Information Disclosure via Inherited File Permissions

6.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L

Description

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.

Basic Information

ID CVE-2026-4482

Source rapid7

Published Apr 10, 2026 at 04:22

Modified Apr 10, 2026 at 15:33

Affected Product

Vendor Rapid7

Product Insight Agent

Affected Versions Rapid7 Insight Agent 0

CWE Classification

CWE-732

References

docs.rapid7.com /insight/release-notes-2026-april/

{
    "lastseen": "",
    "description": "The installer certificate files in the \u2026/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.",
    "published": "2026-04-10T04:22:38.719Z",
    "modified": "2026-04-10T15:33:30.608Z",
    "type": "cve",
    "title": "Insight Agent Private Key Information Disclosure via Inherited File Permissions",
    "source": "rapid7",
    "references": "https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes",
    "id": "CVE-2026-4482",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Rapid7 Insight Agent 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Insight Agent",
    "version": "0",
    "vendor": "Rapid7",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insight Agent Private Key Information Disclosure via Inherited File Permissions_CVE-2026-4482