CVE-2026-6482

Name of the Vulnerable Software and Affected Versions Rapid7 Insight Agent versions 4.1.0.3 and later

Description A local privilege escalation issue exists on Windows hosts. During startup, the agent service attempts to load an OpenSSL configuration file from a non-existent directory that standard users can write to. An attacker can place a crafted openssl.cnf file in that location to trick the high-privilege service into executing arbitrary commands, allowing an unprivileged user to gain SYSTEM level control of the host.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.