CVE-2026-4837 · EPSS p32.5%

rapid7 / insight_agent

Description

An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the Rapid7 Platform, it is unlikely that the eval() function could be exploited remotely without prior, highly privileged access to the backend platform.

Scoring

CVSS: 6.6
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.41% probability of exploitation · percentile 32.5% · 2026-06-19T12:03:05Z
Last modified: 2026-06-02

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.