CVE-2026-4482

Low

Low Medium High Critical

CVSS Score

Published: Apr 10, 2026

Last Modified: Apr 13, 2026

Vulnerability Description

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.

References & Resources

https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes
cve@rapid7.com

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-732

Incorrect Permission Assignment for Critical Resource

Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class

View CWE Details on MITRE

Key Information

Published Date: April 10, 2026

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages