CVE-2022-4261EPSS p22.3%

CVE-2022-4261CVE-2022-4261

rapid7 / insightvm

Description

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.

Scoring

CVSS 4.4 ()
VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
EPSS0.31% probability of exploitation · percentile 22.3% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.