Signature Verification Issue in Rapid7 InsightVM Affects Account Security
CVE-2026-1568

9.6 CRITICAL

Key Information:

Vendor: Rapid7
CVE Published: 3 February 2026

What is CVE-2026-1568?

Rapid7 InsightVM prior to version 8.34.0 contains a signature verification flaw on the Assertion Consumer Service (ACS) cloud endpoint: unsigned assertions are not handled correctly, so an attacker can exploit them to gain unauthorized access to InsightVM accounts set up through 'Security Console' installations. A successful attack gives the attacker full control over the affected user accounts. Users should upgrade to version 8.34.0 or later to remediate this risk.
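The ACS is the SAML endpoint that consumes identity-provider assertions, and the defect class described above is a consumer that treats a missing signature as nothing to verify. As an added illustration (not Rapid7's code, and not a description of how InsightVM's endpoint is implemented), the check below is a structural gate an ACS runs before any cryptographic verification: a response is refused unless each assertion carries its own ds:Signature or the enclosing response is signed. The namespace URIs are the SAML 2.0 and XML-DSig standard ones; the sample responses are constructed.

```python
import xml.etree.ElementTree as ET  # production code should parse with defusedxml

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


class UnsignedAssertion(ValueError):
    """Raised when an assertion reaches the ACS with no signature to verify."""


def signed_assertions(response_xml: str) -> list:
    """Structural gate run before any cryptographic signature verification.

    Every saml:Assertion must carry its own ds:Signature, or the enclosing
    samlp:Response must be signed. Returns the assertions that may proceed
    to verification; raises UnsignedAssertion otherwise. An ACS that skips
    this gate accepts an assertion anyone could have written.
    """
    root = ET.fromstring(response_xml)
    if root.tag != SAMLP + "Response":
        raise UnsignedAssertion("root element is not samlp:Response")
    response_signed = root.find(DS + "Signature") is not None
    assertions = root.findall(SAML + "Assertion")
    if not assertions:
        raise UnsignedAssertion("response carries no assertion")
    for assertion in assertions:
        if not response_signed and assertion.find(DS + "Signature") is None:
            raise UnsignedAssertion("unsigned assertion rejected at ACS")
    return assertions


def acs_accepts(response_xml: str) -> bool:
    """True only if the response passes the structural signature gate."""
    try:
        signed_assertions(response_xml)
    except (UnsignedAssertion, ET.ParseError):
        return False
    return True


# Constructed sample responses, not captured traffic; the signature body is a placeholder.
SIGNED = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Assertion ID="_a1"><ds:Signature>PLACEHOLDER</ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
UNSIGNED = SIGNED.replace("<ds:Signature>PLACEHOLDER</ds:Signature>", "")
```

The gate only establishes that there is something to verify; the cryptographic check of the signature against the identity provider's certificate, and the binding of that signature to the assertion it covers, still follow it.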

Affected Version(s)

Vulnerability Management (InsightVM): all versions prior to 8.34.0


CVSS v3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Cory Rey, Schellman.