Insight Agent Private Key Information Disclosure via Inherited File Permissions

Description

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.

Affected Products

Vendor	Product	Versions
Rapid7	Insight Agent	0

References

https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-4482 | Rapid7 Insight Agent up to 3.3.0 on Windows Certificate …/bootstrap/common/ssl permission assignment

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.1.0.2

CWECWE-732

PublishedApr 10, 2026

Last enriched4h agov2

Trending Score20

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (3)

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated affected versions to include 3.3.0, changed severity to HIGH, and noted that the exploit is not available.

affectedVersions

via VulDB

v14h ago

Initial creation