Rapid7 Insight Agent eval() injection in Linux beaconing logic
CVE-2026-4837 Published on April 8, 2026

Eval Injection in Rapid7 Insight Agent
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the Rapid7 Platform, it is unlikely that the eval() function could be exploited remotely without prior, highly privileged access to the backend platform.

NVD

Vulnerability Analysis

CVE-2026-4837 can be exploited with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an Eval Injection Vulnerability?

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.

CVE-2026-4837 has been classified to as an Eval Injection vulnerability or weakness.


Products Associated with CVE-2026-4837

Want to know whenever a new CVE is published for Rapid7 Insight Agent? stack.watch will email you.

Rapid7 Insight Agent
 

Affected Versions

Rapid7 Insight Agent: