CVE-2026-6482

Local Privilege Escalation via OpenSSL configuration file in Insight Agent

Assigner: rapid7
Reserved: 17.04.2026 Published: 17.04.2026 Updated: 17.04.2026

The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P
CVSS Score: 8.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	Low	Availability	Low
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Rapid7
Product	Insight Agent
Versions	Default: unaffected affected from 0 to 4.1.0.2 (excl.)

Vendor

Rapid7

Product

Insight Agent

Versions

Default: unaffected

affected from 0 to 4.1.0.2 (excl.)

Credits

Dell Security Assurance Team finder

References

Problem Types

CWE-829 Inclusion of functionality from untrusted control sphere CWE

Impacts

CAPEC-233 Privilege Escalation