CVE-2026-4482

EUVD-2026-21303
The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
rapid7CNA
6.8 MEDIUM
LOCAL
LOW
LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
rapid7insight_agent
𝑥
< 4.1.0.2
CNA
Common Weakness Enumeration
References
https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes