Rapid7 · Rapid7 Nexpose · CVE-2026-1814
**Name of the Vulnerable Software and Affected Versions**
Rapid7 Nexpose versions 6.4.50 and later
**Description**
A security issue exists in Rapid7 Nexpose related to insufficient entropy in the `CredentialsKeyStorePassword.generateRandomPassword()` method. This can impact the randomness of generated passwords.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.