Significance
Endpoint security agents are some of the most trusted software on any machine. They run at the highest privilege level, hold open persistent connections to cloud platforms, and act on instructions from those platforms without asking the user. That trust is necessary. It also means a single flaw in the agent can compromise the entire host.
AI-assisted vulnerability discovery is changing this. Models that read and reason about code are now spotting patterns that years of manual review missed. Anthropic’s recent zero-day research demonstrated this at scale across open source software. The same approach applies to commercial security tooling.
Using semantic analysis and targeted fuzzing, we identified a remote code execution vulnerability in the Rapid7 Insight Agent for Linux. The root cause is a Python eval() call that processes attacker-influenced data from the beacon channel.
CVE-2026-4837 has been published and the fix is included in Insight Agent 4.1.0.2. Rapid7’s release notes are available here.
The Vulnerability
The Insight Agent communicates with the Rapid7 platform through a persistent beacon channel. On Linux, agent/agent_beacon.py contains a BeaconThread that polls for incoming platform commands. When a command arrives, _general_command_from_beacon() dispatches it.
Inside that method:
eval(str(passed_args))
The args field comes directly from the beacon response payload. There is no sanitisation, no allowlist, and no sandbox. Python’s eval() treats the value as code and executes it in the process context.
The agent runs as UID 0.
The result is arbitrary code execution as root on any Linux host running the Insight Agent, provided the attacker can influence the beacon response.
Exploitability and CVSS
The beacon channel is protected by mutual TLS (mTLS) with client certificate authentication, CA verification, and hostname checking. These are real controls. Our proof-of-concept validates the eval() code path in isolation and confirms that crafted args values achieve execution. A full end-to-end exploit through the mTLS channel was not constructed.
Reaching the vulnerable code path requires the ability to influence a beacon response. In practice, that means one of:
- Compromised platform credentials. An attacker with administrative access to an organisation’s Rapid7 deployment could inject crafted beacon responses to enrolled agents.
- Extracted certificate material. An attacker with prior access to an endpoint could pull the agent’s stored client certificates and replay responses from an external host.
- A separate TLS implementation flaw. A vulnerability in the underlying TLS stack that allows injection without valid certificates.
Our CVSS 4.0 assessment:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, 9.2 Critical
AT:P (Attack Requirements: Present) reflects the mTLS prerequisite. The mTLS channel is a real barrier, but the impact on the other side of it is arbitrary code execution as root on every enrolled Linux host.
NVD rating (CVSS 3.1):
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H, 6.6 Medium
The NVD score uses CVSS 3.1, which maps the mTLS requirement to both High attack complexity (AC:H) and High privileges required (PR:H). CVSS 4.0 separates these concerns with a dedicated Attack Requirements metric, which is why the scores diverge. Both assessments agree on the impact: full compromise of confidentiality, integrity, and availability.
Coordinated Disclosure
Full technical details and a proof-of-concept were reported to Rapid7 PSIRT through their coordinated disclosure process. Rapid7 was responsive throughout and delivered a patched release well within the 90-day window.
| Date | Event |
|---|---|
| 2026-02-25 | Reported to Rapid7 PSIRT with full details and PoC |
| 2026-03-25 | CVE-2026-4837 reserved |
| 2026-04-08 | Fix released in Insight Agent 4.1.0.2 |
| 2026-04-08 | Public disclosure |
No exploitation techniques are included in this post. The proof-of-concept was shared privately with Rapid7 and exists solely to confirm the vulnerability.
About This Research
CVE-2026-4837 is one finding from a broader automated vulnerability research programme that CyberDagger has operated since February 2026. The pipeline combines static analysis, dynamic validation, and targeted fuzzing across enterprise software and embedded systems.
We are currently in coordinated disclosure with multiple vendors across endpoint security, networking infrastructure, and embedded firmware. Additional findings will be published as those processes conclude.
See the full research record → · Live pipeline dashboard →
Discovered by John Rodriguez, CyberDagger LLC. All research performed on legally obtained software under coordinated disclosure with standard 90-day timelines.