Rapid7 Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Rapid7 products.

3 known CVE vulnerabilities tracked

Critical

High

Medium

Low

None

Vulnerabilities By Year

2025

2026

Products Affected

Insight Agent 2 Velociraptor 1

All Rapid7 CVEs

Recent Highest Score Oldest

CVE-2026-4482

5.5 medium

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any loca

Insight Agent Apr 10, 2026

CVE-2026-4837

6.6 medium

An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the Rapid7 Platform, it is u

Insight Agent Apr 8, 2026

CVE-2025-14728

6.8 medium

Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficien

Velociraptor Dec 29, 2025