EUVD-2026-23376
GHSA-6rgm-mxx7-qxmc
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
AnalysisAI
Local privilege escalation in Rapid7 Insight Agent (versions > 4.1.0.2) on Windows allows unprivileged users to execute arbitrary code as SYSTEM via OpenSSL configuration file planting. The agent service loads openssl.cnf from a non-existent directory writable by standard users, enabling full host compromise without authentication. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Windows systems running Rapid7 Insight Agent and identify which are running versions > 4.1.0.2. Within 7 days: Implement file system monitoring on the OpenSSL configuration directory referenced in the vulnerability and restrict write permissions to SYSTEM/Administrators only; contact Rapid7 for guidance on interim versions or rollback to 4.1.0.2 or earlier if operationally feasible. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today