Description
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
Published: 2026-04-17
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation to SYSTEM level
Action: Apply Patch
AI Analysis

Impact

The vulnerability allows a local user to craft an openssl.cnf file in a writable but non‑existent directory, causing the Insight Agent service, which runs as SYSTEM, to load the file and execute arbitrary commands. This results in full host compromise with SYSTEM‑level privileges. The flaw is a CWE‑829 issue where operations are improperly restricted within an extension component.

Affected Systems

The issue affects Rapid7 Insight Agent versions newer than 4.1.0.2 running on Windows hosts. Any installation of the agent in that range is vulnerable if the problematic directory remains writable by standard users.

Risk and Exploitability

With a CVSS score of 8.5 the flaw is assessed as high severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is local; an attacker only needs a standard user account and must be able to write to the specified directory. The exploit condition is that the agent attempts to load a configuration file from a path that does not exist but is writable, allowing the planted file to be interpreted and executed by the SYSTEM‑level service. Once executed, the attacker can run arbitrary commands and fully control the host.

Generated by OpenCVE AI on April 17, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Rapid7 Insight Agent update that includes the fix for CVE-2026-6482.
  • Revoke write permissions on the directory used for OpenSSL configuration files so that only the SYSTEM account can write to it.
  • Delete any existing openssl.cnf files in that directory to prevent accidental execution of malicious commands.

Generated by OpenCVE AI on April 17, 2026 at 07:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Rapid7
Rapid7 insight Agent
Vendors & Products Rapid7
Rapid7 insight Agent

Fri, 17 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Description The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
Title Local Privilege Escalation via OpenSSL configuration file in Insight Agent
Weaknesses CWE-829
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P'}

Subscriptions

Rapid7 Insight Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published:

Updated: 2026-04-17T12:16:15.294Z

Reserved: 2026-04-17T04:25:38.616Z

Link: CVE-2026-6482

cve-icon Vulnrichment

Updated: 2026-04-17T12:16:11.716Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-17T06:16:30.593

Modified: 2026-04-17T15:38:09.243

Link: CVE-2026-6482

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T08:30:13Z

Weaknesses