Signature Verification Issue in Rapid7 InsightVM Affects Account Security
CVE-2026-1568
What is CVE-2026-1568?
Rapid7 InsightVM versions prior to 8.34.0 contain a signature verification flaw on the Assertion Consumer Service (ACS) cloud endpoint. The endpoint improperly handles unsigned assertions, which an attacker could exploit to gain unauthorized access to InsightVM accounts set up through 'Security Console' installations. A successful attack could give the attacker full control of the affected user accounts. Users should upgrade to version 8.34.0 or later to mitigate this risk.
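As an added illustration (not Rapid7's code, and not taken from the advisory), the sketch below shows the kind of structural gate an ACS endpoint can apply before cryptographic verification so that unsigned assertions are rejected outright. It assumes the ACS receives SAML 2.0 responses; the function names and sample documents are hypothetical, and the signature value itself must still be verified against the identity provider's certificate by a vetted library.

```python
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted input in production

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _covered(elem):
    """True if elem has an enveloped ds:Signature child whose Reference targets elem's own ID."""
    ref = elem.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    elem_id = elem.get("ID")
    return ref is not None and bool(elem_id) and ref.get("URI") == "#" + elem_id

def rejection_reasons(response_xml):
    """Structural gate run before signature verification; an empty list means 'pass to the verifier'."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    reasons = []
    assertions = root.findall(".//saml:Assertion", NS)  # any depth, to catch wrapped extras
    if len(assertions) != 1:
        reasons.append("expected exactly one Assertion, found %d" % len(assertions))
    direct = root.findall("saml:Assertion", NS)
    response_signed = _covered(root)
    for a in assertions:
        # Accept a signed assertion, or a direct child of a signed response.
        if not (_covered(a) or (response_signed and a in direct)):
            reasons.append("assertion %r has no covering signature" % a.get("ID"))
    return reasons

def sample_response(signed):
    """Constructed sample input; the signature is a structural placeholder with no real value."""
    sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo>'
           '<ds:Reference URI="#a1"/></ds:SignedInfo></ds:Signature>' % NS["ds"]) if signed else ""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="r1">'
            '<saml:Assertion ID="a1">%s<saml:Subject/></saml:Assertion>'
            '</samlp:Response>' % (NS["samlp"], NS["saml"], sig))

if __name__ == "__main__":
    for signed in (True, False):
        print(signed, rejection_reasons(sample_response(signed)))
```

A response that passes this gate is only a candidate: the consumer must then verify the signature and read identity data solely from the element the signature covers.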

Affected Version(s)
Vulnerability Management: from 0 up to, but not including, 8.34.0
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved
