CVE-2026-4482

| EUVD-2026-21303 MEDIUM
2026-04-10 rapid7 GHSA-3r4x-4pr5-j666
6.8
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Apr 10, 2026 - 04:45 vuln.today
EUVD ID Assigned
Apr 10, 2026 - 04:45 euvd
EUVD-2026-21303
CVE Published
Apr 10, 2026 - 04:22 nvd
MEDIUM 6.8

Tags

Information Disclosure Microsoft Insight Agent

Description

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.

Analysis

Improperly restricted file permissions on Rapid7 Insight Agent installer certificate files on Windows systems allow locally authenticated standard users to read the agent's private key (client.key), enabling identity material disclosure and potential lateral movement or agent impersonation. CVSS 6.8 (CVSS:4.0 LOCAL/LOW complexity, PR:L) reflects local authentication requirement; CISA KEV status not confirmed. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

34
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0

Share

CVE-2026-4482 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy