PT-2026-6046 · Rapid7 · InsightVM

Published

2026-02-03

·

Updated

2026-03-10

·

CVE-2026-1568

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Rapid7 InsightVM versions prior to 8.34.0

Description

Rapid7 InsightVM installations that use the Security Console are affected by a signature verification flaw on the Assertion Consumer Service (ACS) cloud endpoint. The endpoint accepts SAML assertions that carry no signature and issues session cookies for the subject named in the assertion, so an attacker who can reach the endpoint can obtain a session for an arbitrary InsightVM user account, up to full account takeover. The CVSS vector above rates the attack as network-reachable, low complexity, requiring only low privileges and no user interaction, with a scope change; confidentiality and integrity impact are both high.

Recommendations

Update to InsightVM version 8.34.0 or later.
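The following is an added illustration of the weakness class named in this advisory and is not Rapid7's code or the actual InsightVM code path. It contrasts a vulnerable ACS handler, which verifies a signature only when one is present, with a hardened handler that requires exactly one valid signature over exactly one assertion and then checks audience and expiry. XML-DSig is replaced by an HMAC over the canonical assertion bytes so the script runs offline; the key, the audience URL and the element layout are constructed for the example.

```python
"""Added example, not Rapid7 code: weak vs. hardened SAML Assertion Consumer
Service (ACS) handling.  XML-DSig is stood in for by an HMAC over the canonical
assertion bytes so this runs offline; the flaw demonstrated is the same class
the advisory describes: an ACS that treats a missing signature as "nothing to
verify" and issues a session for whatever subject the assertion names."""
import hmac
import hashlib
import secrets
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("saml", SAML)
ET.register_namespace("samlp", SAMLP)

IDP_KEY = b"demo-idp-key"                         # constructed stand-in for the IdP signing cert
SP_AUDIENCE = "https://console.example/saml/acs"  # assumed SP entity ID
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def canon(el):
    """Byte form both signer and verifier agree on (stand-in for C14N)."""
    return ET.tostring(el, encoding="utf-8")


def sign(assertion_el):
    return hmac.new(IDP_KEY, canon(assertion_el), hashlib.sha256).hexdigest()


def build_response(subject, signed=True, now=0, audience=SP_AUDIENCE):
    """Constructed IdP response; signed=False models what an attacker submits."""
    not_after = datetime.fromtimestamp(now + 300, timezone.utc).strftime(TS_FMT)
    assertion = (
        f'<saml:Assertion xmlns:saml="{SAML}" ID="_a1">'
        f'<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>'
        f'<saml:Conditions NotOnOrAfter="{not_after}"><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
        f'</saml:Conditions></saml:Assertion>')
    sig = ""
    if signed:
        sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignatureValue>'
               f'{sign(ET.fromstring(assertion))}</ds:SignatureValue></ds:Signature>')
    return f'<samlp:Response xmlns:samlp="{SAMLP}">{sig}{assertion}</samlp:Response>'


def issue_session(assertion_el):
    user = assertion_el.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    return {"user": user, "cookie": secrets.token_hex(16)}


def weak_acs(response_xml):
    """Vulnerable pattern: the signature is checked only when one is present,
    so an unsigned assertion for any user yields a session for that user."""
    root = ET.fromstring(response_xml)
    assertion = root.find(f"{{{SAML}}}Assertion")
    sigval = root.findtext(f"{{{DS}}}Signature/{{{DS}}}SignatureValue")
    if sigval is not None and not hmac.compare_digest(sigval, sign(assertion)):
        return None
    return issue_session(assertion)


def hardened_acs(response_xml, now=0, audience=SP_AUDIENCE):
    """Require exactly one assertion and exactly one valid signature over it,
    then enforce audience and expiry before any session is issued."""
    root = ET.fromstring(response_xml)
    assertions = root.findall(f"{{{SAML}}}Assertion")
    sigs = root.findall(f"{{{DS}}}Signature")
    if len(assertions) != 1 or len(sigs) != 1:
        return None                         # unsigned, or ambiguous which is signed
    assertion = assertions[0]
    sigval = sigs[0].findtext(f"{{{DS}}}SignatureValue") or ""
    if not hmac.compare_digest(sigval, sign(assertion)):
        return None                         # tampered, or signed with another key
    cond = assertion.find(f"{{{SAML}}}Conditions")
    if cond is None:
        return None
    aud = cond.findtext(f"{{{SAML}}}AudienceRestriction/{{{SAML}}}Audience")
    if aud != audience:
        return None                         # assertion was meant for another SP
    try:
        not_after = datetime.strptime(cond.get("NotOnOrAfter", ""), TS_FMT)
    except ValueError:
        return None
    if now >= not_after.replace(tzinfo=timezone.utc).timestamp():
        return None                         # expired or replayed
    return issue_session(assertion)


if __name__ == "__main__":
    T = 1_700_000_000
    forged = build_response("admin", signed=False, now=T)
    print("weak ACS     :", weak_acs(forged))            # session issued for admin
    print("hardened ACS :", hardened_acs(forged, now=T))  # None
```

Running the script shows the vulnerable handler issuing a session for `admin` from a response that no identity provider ever signed, while the hardened handler rejects it. The hardened path also rejects a signed assertion whose subject was edited after signing, one issued for a different audience, and one presented after its NotOnOrAfter time.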

Fix

Weakness Enumeration

CWE-347: Improper Verification of Cryptographic Signature

CWE-287: Improper Authentication

Related Identifiers

CVE-2026-1568

Affected Products

InsightVM