Rapid7 Insight Agent
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Rapid7 Insight Agent.
By the Year
In 2026 there have been 3 vulnerabilities in Rapid7 Insight Agent with an average score of 6.6 out of ten. Insight Agent did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 6.60 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 2 | 5.55 |
| 2021 | 1 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.80 |
It may take a day or so for new Insight Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Rapid7 Insight Agent Security Vulnerabilities
Rapid7 Insight Agent LPE via crafted openssl.cnf (v>4.1.0.2)
CVE-2026-6482
- April 17, 2026
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agents SYSTEM level access.
Inclusion of Functionality from Untrusted Control Sphere
Windows Rapid7 Insight Agent Unrestricted Permissions on Installer Certificate
CVE-2026-4482
- April 10, 2026
The installer certificate files in the /bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.
Incorrect Permission Assignment for Critical Resource
Rapid7 Insight Agent eval() injection in Linux beaconing logic
CVE-2026-4837
6.6 - Medium
- April 08, 2026
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the Rapid7 Platform, it is unlikely that the eval() function could be exploited remotely without prior, highly privileged access to the backend platform.
Eval Injection
Rapid7 Insight Agent 3.2.6 Path Traversal via CLI Token Handler
CVE-2023-2273
7.5 - High
- April 26, 2023
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.
Directory traversal
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer
CVE-2022-0237
7.8 - High
- March 17, 2022
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
Unquoted Search Path or Element
Rapid7 Insight Agent, versions prior to 3.1.3, suffer
CVE-2021-4016
3.3 - Low
- January 21, 2022
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path
CVE-2021-4007
7.8 - High
- December 14, 2021
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.
DLL preloading
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path
CVE-2019-5629
7.8 - High
- July 13, 2019
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.
Permissions, Privileges, and Access Controls
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Rapid7 Insight Agent or by Rapid7? Click the Watch button to subscribe.
