CVE Catalog

CVE-2026-4482

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Summary

The installer certificate files in the …/bootstrap/common/ssl folder on Windows systems do not have restricted permissions, allowing users to read and execute. In particular, the client.key file could lead to exploits as it exposes agent identity material to any locally authenticated standard user.

Risk Assessment

Uncontrolled access to the client.key file could lead to unauthorized disclosure of agent identity, posing a risk to the security of the system and the organization's data.

Recommendation

It is recommended to restrict permissions on the installer certificate files so that only authorized users have access, especially to the client.key file.

Original NVD description (English source)

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any locally authenticated standard user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS