CVE-2026-6482
Received Received - Intake
Local Privilege Escalation in Rapid7 Insight Agent via OpenSSL Config Abuse

Publication date: 2026-04-17

Last updated on: 2026-04-28

Assigner: Rapid7, Inc.

Description
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-17
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6482
EUVD
EUVD-2026-23376
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rapid7 insight_agent to 4.1.0.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Rapid7 Insight Agent (versions > 4.1.0.2) has a local privilege escalation vulnerability on Windows hosts.

When the agent service starts, it tries to load an OpenSSL configuration file from a directory that does not exist but is writable by standard users.

An attacker can place a specially crafted openssl.cnf file in this directory, causing the high-privilege agent service to execute arbitrary commands.

This allows an unprivileged user to bypass security controls and gain SYSTEM level control of the host, effectively achieving full host compromise.

Impact Analysis

This vulnerability can allow an unprivileged user on a Windows host running the vulnerable Rapid7 Insight Agent to escalate their privileges to SYSTEM level.

With SYSTEM level access, the attacker gains full control over the host, which can lead to unauthorized access to sensitive data, modification or deletion of files, installation of malware, and disruption of system operations.

Compliance Impact

This vulnerability allows an unprivileged user to escalate privileges to SYSTEM level on a Windows host, effectively bypassing security controls and achieving full host compromise.

Such a compromise can lead to unauthorized access to sensitive data and systems, which may result in violations of common standards and regulations like GDPR and HIPAA that require strict access controls and protection of personal and health information.

Therefore, the presence of this vulnerability could negatively impact an organization's compliance posture by increasing the risk of data breaches and unauthorized data access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6482. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart