CVE-2026-1568 · CRITICAL 9.6 · EPSS percentile 3.8%

Description

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The issue occurs because the application processed unsigned SAML assertions and issued session cookies that granted access to the targeted user accounts. This has been fixed in version 8.34.0 of InsightVM.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.14% probability of exploitation · percentile 3.8% · scored 2026-06-19T12:03:05Z
Published: 2026-02-03
Last modified: 2026-04-15

Underlying weaknesses · 2

  CWE-287 (Improper Authentication)
  CWE-347 (Improper Verification of Cryptographic Signature)

References

  1. https://docs.rapid7.com/insight/command-platform-release-notes/

Weakness mappings · 2

  Type      Target                                              Confidence  Tier
  Weakness  Improper Authentication (cwe-287)                   0%          live
  Weakness  Improper Verification of Cryptographic Signature (cwe-347)  0%  live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  CVE: CVE-2026-3564
  CVE: CVE-2026-9614
  CVE: CVE-2026-5786
  CVE: CVE-2026-5787
  CVE: CVE-2026-0393
  CVE: CVE-2026-0274

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.