CVE-2026-6482
HIGHDescription
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
Is your site exposed to CVE-2026-6482?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| rapid7 | insight_agent |
References
Frequently Asked Questions
What is CVE-2026-6482? +
How severe is CVE-2026-6482? +
What products are affected by CVE-2026-6482? +
How do I check if I'm vulnerable to CVE-2026-6482? +
Related Vulnerabilities
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution …
A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input …
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules …
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. …
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those …
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control …