Platform
linux
Component
rapid7-insight-agent
Fixed in
4.1.0.2
CVE-2026-4837 describes an eval() injection vulnerability discovered in the beaconing logic of the Rapid7 Insight Agent for Linux. Successful exploitation could theoretically allow an attacker to achieve remote code execution with root privileges. This vulnerability affects versions 0.0.0 through 4.1.0.2 of the agent; however, the use of mutual TLS (mTLS) significantly reduces the likelihood of remote exploitation without prior, highly privileged access to the Rapid7 Platform. A patch is available in version 4.1.0.2.
CVE-2026-4837 affects the Rapid7 Insight Agent for Linux, specifically within its beaconing logic. It's an eval() injection vulnerability that could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. The risk is rated as moderate (CVSS 6.6). However, the primary mitigation lies in the use of mutual TLS (mTLS) to verify commands from the Rapid7 Platform. This makes remote exploitation highly unlikely without prior, highly privileged access to the backend platform.
Exploitation of this vulnerability requires a deep understanding of the Insight Agent's beaconing logic and access to the Rapid7 Platform. An attacker would need to manipulate the beacon response to inject malicious code that is then executed through the eval() function. Because the agent uses mTLS, the attacker would first have to compromise the Rapid7 Platform, or obtain privileged access to it, in order to send malicious commands at all. The probability of remote exploitation without such prior access is considered low.
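The bug class described above, as an added illustration that is not Rapid7's code: the beacon response layout, the command names and the agent being written in Python are all assumptions. A handler that evaluates the response body as code sits next to one that parses it as data and accepts only allowlisted, type-checked commands.

```python
import json

# Hypothetical beacon handlers; nothing here is the Insight Agent's own logic.

def handle_beacon_vulnerable(response_text: str):
    """Anti-pattern: the body returned by the platform is evaluated as code,
    so whoever can produce (or impersonate) a beacon response runs code as the agent."""
    return eval(response_text)  # deliberately unsafe, kept for contrast

# Hardened form: parse JSON, then dispatch only on an explicit allowlist.
# Assumed command vocabulary and argument types.
ALLOWED_COMMANDS = {
    "set_interval": {"seconds": int},
    "collect": {"module": str},
}

class BeaconError(ValueError):
    """Raised when a beacon response is malformed or not allowlisted."""

def handle_beacon_hardened(response_text: str) -> dict:
    """Return the validated command, or raise BeaconError for anything else."""
    try:
        msg = json.loads(response_text)
    except json.JSONDecodeError as exc:
        raise BeaconError(f"beacon response is not valid JSON: {exc}") from None
    if not isinstance(msg, dict) or "command" not in msg:
        raise BeaconError("beacon response must be an object with a 'command' key")
    name = msg["command"]
    schema = ALLOWED_COMMANDS.get(name)
    if schema is None:
        raise BeaconError(f"command not allowlisted: {name!r}")
    args = msg.get("args", {})
    if not isinstance(args, dict) or set(args) != set(schema):
        raise BeaconError(f"unexpected arguments for {name!r}")
    for key, typ in schema.items():
        if type(args[key]) is not typ:  # exact type: rejects bool-for-int, str-for-int
            raise BeaconError(f"argument {key!r} must be {typ.__name__}")
    return {"command": name, "args": args}

def check_response(response_text: str) -> str:
    """Defender-side summary of how the hardened handler treats a response."""
    try:
        handle_beacon_hardened(response_text)
        return "accepted"
    except BeaconError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed sample responses.
    print(check_response('{"command": "set_interval", "args": {"seconds": 300}}'))
    print(check_response('{"command": "run_shell", "args": {}}'))
```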
Exploit status
EPSS
0.30% (54th percentile)
CISA SSVC
CVSS vector
The solution to this vulnerability is to update the Insight Agent to version 4.1.0.2 or later. Rapid7 has released this update to remediate the eval() injection and eliminate the risk of remote code execution. Users of the Insight Agent for Linux are strongly encouraged to apply this update as soon as possible. Additionally, it is crucial to review and strengthen access controls to the Rapid7 Platform to minimize the risk of unauthorized access. Timely patching is essential for maintaining your infrastructure's security.
Update the Rapid7 Insight Agent to version 4.1.0.2 or later to mitigate the eval() injection vulnerability. The update corrects how the agent processes beacon responses, preventing the execution of malicious code. Consult Rapid7's release notes for detailed update instructions.
Beaconing is the process by which the Insight Agent periodically communicates with the Rapid7 Platform to send telemetry data and receive commands.
mTLS (mutual TLS) provides an additional layer of security by verifying the identity of both the Insight Agent and the Rapid7 Platform, preventing unauthorized communication.
If you can't update immediately, review access controls to your Rapid7 Platform and ensure that only authorized users have access.
The vulnerability affects specific versions of the Insight Agent for Linux. Refer to Rapid7's documentation for a complete list of affected versions.
You can verify the version of the Insight Agent by running the appropriate command on the affected system. Rapid7's documentation provides detailed instructions.