cvedb.io
CVE-2026-4482
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2026-04-10T05:16:04.587 · Last modified 2026-06-17T10:56:40.520

Summary

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.

Affected products

rapid7 — insight_agent

Does this affect you?

Add your gear to cvedb and we'll alert you only when rapid7 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.