Description
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the Rapid7 Platform, it is unlikely that the eval() function could be exploited remotely without prior, highly privileged access to the backend platform.
Published: 2026-04-08
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Assess Impact
AI Analysis

Impact

An injection flaw in the Rapid7 Insight Agent beaconing logic on Linux allows the eval() function to be executed with arbitrary payloads. This flaw could, in theory, enable an attacker to run code as root if a malicious beacon response is received. Because the agent authenticates commands with mutual TLS, the likelihood of exploitation without prior compromise of the backend platform is low, but the potential impact remains high if such an attack vector is realized.

Affected Systems

Linux installations of the Rapid7 Insight Agent are affected. Specific version information is not disclosed in the advisory, so all current releases may be susceptible until an update is applied.

Risk and Exploitability

The CVSS score of 6.6 indicates moderate to high severity. No EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited publicly known exploitation. Nevertheless, the combination of root privilege execution and a reliance on protected communication means that a compromised backend platform could lead to complete system takeover. The overall risk is considered moderate but should be evaluated against the organization’s exposure to the Rapid7 platform.

Generated by OpenCVE AI on April 8, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Rapid7’s latest release notes for a patch or updated Insight Agent version and upgrade if available. If an update is unavailable, enforce strict access controls on the Rapid7 Platform to prevent unauthorized command injection. Monitor for abnormal beacon responses and consider disabling or sanitizing eval usage in any custom beacon handling logic.

Generated by OpenCVE AI on April 8, 2026 at 17:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Rapid7
Rapid7 insight Agent
Vendors & Products Rapid7
Rapid7 insight Agent

Wed, 08 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the Rapid7 Platform, it is unlikely that the eval() function could be exploited remotely without prior, highly privileged access to the backend platform.
Title Eval Injection in Rapid7 Insight Agent
Weaknesses CWE-95
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Rapid7 Insight Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-04-09T03:56:12.818Z

Reserved: 2026-03-25T14:28:27.182Z

Link: CVE-2026-4837

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T17:21:24.603

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-4837

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:39:07Z

Weaknesses