Rapid7 Insight Agent Eval Injection Vulnerability Allowing Remote Code Execution on Linux

Vulnerability

A vulnerability allowing eval injection has been identified in the Rapid7 Insight Agent's beaconing logic for Linux. This vulnerability could theoretically enable an attacker to execute remote code as root by sending a crafted beacon response. However, exploitation would likely require prior, highly privileged access to the Rapid7 backend platform, as the agent uses mutual TLS (mTLS) to verify commands from the platform.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution with root privileges on the affected Linux system.

Added: Apr 8, 2026, 5:27 PM
Updated: Apr 8, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 7.5
exploitability: 3.7
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.