Rapid7 Insight Agent
9 CVEs affecting Rapid7 Insight Agent. Latest disclosed: 2026-04-17. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-6482 | High | 7.8 | 2026-04-17 | The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows… |
| CVE-2021-4007 | High | 7.8 | 2021-12-14 | Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight A… |
| CVE-2019-5629 | High | 7.8 | 2019-07-13 | Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Age… |
| CVE-2024-3185 | Medium | 6.8 | 2024-04-23 | A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an atta… |
| CVE-2026-4837 | Medium | 6.6 | 2026-04-08 | An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code e… |
| CVE-2023-2273 | Medium | 5.8 | 2023-04-26 | Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flow… |
| CVE-2022-0237 | Medium | 4.0 | 2022-03-17 | Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due t… |
| CVE-2021-4016 | Medium | 4.0 | 2022-01-21 | Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An… |
| CVE-2026-4482 | | | 2026-04-10 | The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute… |