Description

Rapid7 InsightVM versions beforeĀ 8.34.0 contain a signature verification issue on theĀ Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts setup via "Security Console" installations, resulting in full account takeover. The issue occurs due to the application processing these unsigned assertions and issuing session cookies that granted access to the targeted user accounts. This has been fixed in version 8.34.0 of InsightVM.

INFO

Published Date :

2026-02-03T16:47:03.614Z

Last Modified :

2026-02-26T15:04:27.845Z

Source :

rapid7
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1568 vulnerability.

Vendors Products
Rapid7
  • Insightvm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1568.

URL Resource
https://docs.rapid7.com/insight/command-platform-release-notes/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact