February 2026 Release Notes

The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

• Risk: Exposure Command, Vulnerability Management (InsightVM), Cloud Security (InsightCloudSec)

• Threat: SIEM (InsightIDR), Managed Detection and Response (MDR), Incident Command, Threat Intelligence (Intelligence Hub)

• Administration: Exposure Command, Application Security (InsightAppSec), Cloud Security (InsightCloudSec)

• Risk

  • Standardize Vulnerability Prioritization with Active Risk
  • Contextual Vulnerability Intelligence in Threat Intelligence (Intelligence Hub)
  • Drive Remediation Faster with AI-Generated Risk Insights

• Threat

  • Extend Protection Across Microsoft Environments with MDR for Microsoft
  • Remove Legacy UBA Detections from the SIEM UI

• Administration

  • Streamline Vulnerability Workflows with ServiceNow Zurich (AI)

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation due to vulnerabilities being exploited by a bad actor. Security teams must assess risk by understanding likelihood, impact, and real-world threat context.

• Standardize Vulnerability Prioritization with Active Risk
• Contextual Vulnerability Intelligence in Threat Intelligence (Intelligence Hub)
• Drive Remediation Faster with AI-Generated Risk Insights

Standardize Vulnerability Prioritization with Active Risk

Teams using Vulnerability Management (InsightVM), Cloud Security (InsightCloudSec), and Exposure Command can now prioritize vulnerabilities using Active Risk as the single risk strategy across Rapid7. Active Risk replaces legacy risk strategies with one consistent, threat-aware strategy, so you can compare and prioritize vulnerabilities across the Command Platform using the same scoring approach.

With this capability across Vulnerability Management (InsightVM), Cloud Security (InsightCloudSec), and Exposure Command, you can:

• Prioritize vulnerabilities consistently across assets, products, and teams using one scoring model.
• Focus remediation on what matters most without reconciling multiple risk strategies.

Top of page

Contextual Vulnerability Intelligence in Threat Intelligence (Intelligence Hub)

Vulnerability Intelligence brings Rapid7 Labs exploitation intelligence together with your environment data in a centralized, actionable view. Integrated across Exposure Command and Threat Intelligence (Intelligence Hub), this capability helps teams quickly assess real-world risk and focus remediation on vulnerabilities that are actively exploited.

With this capability in Response & Remediation > Remediation Hub, you can:

• Understand which CVEs are actively exploited and how they are used.
• Connect external exploitation intelligence directly to impacted assets.
• Prioritize remediation based on threat context instead of static scores.
• Reduce mean time to remediate (MTTR) for exploited vulnerabilities.

Top of page

Drive Remediation Faster with AI-Generated Risk Insights

AI-generated risk insights in Remediation Hub turn complex vulnerability and asset data into clear, actionable guidance. Instead of manually triaging across tools and spreadsheets, teams receive concise summaries that highlight what matters most and where to start.

With this capability in Response & Remediation > Remediation Hub, you can:

• Get instant clarity with AI-generated summaries explaining affected assets, criticality, and ownership.
• Reduce triage time with concise, single-sentence summaries and automatic tag breakdowns.
• Close governance gaps by quickly identifying ownerless assets and missing criticality tags.
• Take action sooner with clear, prioritized next steps that focus remediation efforts where they’ll have the greatest impact.

Top of page

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from malicious actors, compromised identities, or misconfigurations.

• Extend Protection Across Microsoft Environments with MDR for Microsoft
• Remove Legacy UBA Detections from the SIEM UI

Extend Protection Across Microsoft Environments with MDR for Microsoft

Managed Detection and Response (MDR) for Microsoft helps organizations extend expert threat detection and response across Microsoft environments with less cost and complexity. This expert threat detection and response capability is purpose-built to maximize protection across Microsoft ecosystems.

With this capability in Alerts, customers can:

• Maximize their Microsoft investments
• Consolidate cost and complexity
• Confidently stop threats
• Strengthen cyber resilience

Top of page

Remove Legacy UBA Detections from the SIEM UI

As part of the ongoing migration from User Behavior Analytics (UBA) to Advanced Behavior Analytics (ABA), the legacy New Assets Authenticated detection will be removed from the UI within the next week. This update is limited to UI cleanup and does not affect active detections or alerting behavior.

Top of page

Administration

Administration focuses on refining platform controls, improving integrations, and streamlining configuration to support efficient security operations.

• Streamline Vulnerability Workflows with ServiceNow Zurich (AI)

Streamline Vulnerability Workflows with ServiceNow Zurich (AI)

Rapid7 has upgraded its ServiceNow integration to support the latest ServiceNow Zurich (AI) release for both Application Vulnerability Response (AVR) and IT Service Management (ITSM). This update enables tighter collaboration between Security, IT, and DevOps teams while maintaining consistent visibility.

With this integration from the ServiceNow App Store, you can:

• View and update vulnerability data bidirectionally without switching tools.
• Maintain consistent tracking of critical vulnerabilities across workflows.

Top of page

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Top of page

Cloud Security (InsightCloudSec)

• Version 26.2.24
• Version 26.2.17
• Version 26.2.10
• Version 26.2.3

Version 26.2.24

Software release date: February 24, 2026 | Release notes published: February 24, 2026

Improved

• Cloud Listing Table: Added Oracle and Alibaba Cloud account IDs and role ARNs to the Cloud Listing table for enhanced visibility and management.
• Container Image Management: Added feature to download SBOMs for container images that have been scanned for vulnerabilities.
• Account-Level Credentials: Enabled account-level credentials for organization-linked accounts to improve authentication flexibility.
• App Service Environment TLS Configuration: Updated the AppServiceEnvironment harvester to harvest TLS Cipher Suite ordering.

New Resources

• Azure Backup Vaults Harvesting: Added support for harvesting Azure Backup Vault resources from Azure environments.
  • Reader Permissions Required: Microsoft.DataProtection/backupVaults/read
  • Power User Permissions Required: Microsoft.DataProtection/*

New Insights

• Storage Account Without Resource Manager ReadOnly Lock: Identifies storage accounts that lack Resource Manager ReadOnly Lock protection.
• Storage Account Without Resource Manager Delete Lock: Identifies storage accounts without Resource Manager Delete Lock.
• App Service Environment With Insecure SSL Cipher Suite Order: Identifies App Service Environments with insecure SSL cipher suite order. The insight is added to the CIS Controls v8.1.2 pack under Section 3.10.

Updated Insights

• Storage Account Blob Service Logging Disabled: Added to the CIS Controls v8.1.2 compliance pack for enhanced security compliance monitoring.
• Storage Account Queue Service Logging Disabled: Added to the CIS Controls v8.1.2 compliance pack for comprehensive logging compliance.

New Query Filters

• App Service Environment With Insecure SSL Cipher Suite Order: Identifies App Service Environments with insecure SSL cipher suite configurations.

Fixed

• Fixed OCI compartment tags issue where tags were not being properly associated with their resources, causing incorrect tag matching behavior.
• Fixed a bug where AWS DMS (Database Migration Service) Replication Instance deletion events were not removing resources from the ICS database.

Version 26.2.17

Software release date: February 17, 2026 | Release notes published: February 17, 2026

Deprecations

• Plugins Tab: Deprecated the Plugins tab.

Improved

• Resource Submanagement Table Rendering: Applied visual improvements to resource submanagement table rendering for enhanced user experience.
• AWS ExecuteChangeSet Event Support: Added AWS EventDataHarvester (EDH) support for ExecuteChangeSet events.

New Insights

• Storage Account Exceeding 90 Day Key Rotation Reminder: Identifies storage accounts that have not rotated keys within the recommended 90-day period.
• App Service Deployment Slot Allowing a Configuration State of All Allowed: Identifies App Service Deployment Slots with an FTP configuration state of All Allowed.
• Function App Allowing a Configuration State of All Allowed: Identifies Function Apps with an FTP configuration state of All Allowed.
• Function Deployment Slot Allowing a Configuration State of All Allowed: Identifies Function Deployment Slots with an FTP configuration state of All Allowed.

Updated Insights

• Resource does not Support TLS 1.2: Now supports App Service Environment resources.

New Query Filters

• Storage Account Exceeding Key Rotation Reminder: Identifies storage accounts that exceed key rotation reminder thresholds.

Updated Query Filters

• Resource Does Not Support TLS 1.2 Minimum: Now supports App Service Environment resources and utilizes the App Service Environment Allows TLS 1.0 and 1.1 Query Filter.
• Resource Does Not Support TLS 1.3 Minimum: Now supports Application Gateway Domain resources and utilizes the Application Gateway Domain TLS Version Query Filter.

New Resources

• Azure Recovery Services Vault Harvesting: Added harvesting support for Azure Recovery Services Vault resources. A new permission Microsoft.RecoveryServices/vaults/read is required for full harvesting visibility.

Fixed

• Fixed a race condition in Route53 DNS zone harvesting that could cause incomplete data collection.
• Fixed a bug where the Insight Details page’s Query Filter Configuration section did not display Data Group (collection) information when a filter was configured to use a Data Group.
• Fixed an edge case that prevented the Resource Table from being populated on the Resource Group view.
• Fixed bot creation form pre-population for data collections.

Mimics Infrastructure as Code (IaC) Scanning Tool

• Error Message Improvements: Enhanced error messages for scans in the backend to provide better troubleshooting guidance.
• Multiple File Scanning: Updated multiple file scanning behavior to return an error if no files are suitable for scanning, rather than passing silently.

Version 26.2.10

Software release date: February 10, 2026 | Release notes published: February 9, 2026

Improved

• Bot Factory: Bots enhancements will be released over the course of several upcoming releases, with features rolling out region by region.

  • Bot Execution Threshold Feature: Bots now support optional threshold-based controls and notifications. When a Bot exceeds its configured threshold, it does not execute its actions. Two new optional fields are available in the instructions JSON object for programmatic Bot management:

    • action_threshold_count (integer): The resource count at which Bot actions are suppressed.
    • threshold_mail_recipients (array): The email addresses notified when the threshold is reached.

    This change is backward compatible. Existing Bots continue to run as expected unless these fields are explicitly added.

  • Bot Runs Feature: You can now review historical Bot activity in the Bot Run tab in the Bot Factory, including Bots that exceeded their threshold.

• Threat Findings Filter: Updated the name of Threat Findings “Last Detected” filter to “Threat Finding Last Detected” for improved clarity.
• Azure Batch Account Harvesting: Updated the BatchEnvironmentHarvester to harvest private_endpoint_connections data for Azure Batch Accounts.
• App Service Environment TLS Configuration: Added a new tls_1_0_enabled field for AppServiceEnvironment resources to better track TLS configuration compliance.
• LicenseManagerLicenseHarvester: We have optimized the License Harvester to ensure more reliable data collection.
• Azure LPA Deployment Validation: Added pre-checks to LPA Automatic Deployment/Undeployment jobs to ensure Cloud Harvesting Credentials are valid and allow interaction with Azure.

New Query Filters

• Cloud Account With Root Account Login Profile: Matches Cloud Accounts whose Root User has an associated login profile.
• Cloud Account With Cloud User Login Profile: Matches Cloud Accounts that have any Service Users with an associated login profile.
• Task Definition Contains Specific Launch Type and Container Image (Regex): Allows identifying ECS task definitions by launch type and by the presence or absence of container images matching a specified regular expression.
• Batch Environment Private Endpoint Connection State: Evaluates the connection state of private endpoint connections for Azure Batch Accounts.
• App Service Environment Allows TLS 1.0 and 1.1: Identifies App Service Environments that allow insecure TLS versions 1.0 and 1.1.
• App Service Without Content Share or Image Pull: Identifies App Services without proper content share or image pull configuration.
• MapReduce Cluster Release Version Comparison: Identifies mapreduce clusters that meet version constraints.

New Insights

• Batch Environment Without an Accepted Private Endpoint Connection: Identifies Azure Batch Accounts that lack accepted private endpoint connections.
• App Service Environment Allows TLS 1.0 and 1.1: Identifies App Service Environments that allow insecure TLS versions 1.0 and 1.1.
• App Service Deployment Slot Not Routed Through VNet Integration: Identifies App Service Deployment Slots that are not properly routed through VNet Integration.
• Function App Not Routed Through VNet Integration: Identifies Function App that are not properly routed through VNet Integration.
• Function App Deployment Slot Not Routed Through VNet Integration: Identifies Function App Deployment Slots that are not properly routed through VNet Integration.

Updated Insights

• App Service App With Public Network Access Enabled: Renamed from “Web App with Public Network Access” and updated Overview and CIS Recommended Remediation Steps. Moved the following resource types to new dedicated insights:
  • App Service Deployment Slot moved to App Service Deployment Slot With Public Network Access Enabled.
  • Function App moved to Function App With Public Network Access Enabled.
  • Function App Deployment Slot moved to Function App Deployment Slot With Public Network Access Enabled.
• App Service App Without Virtual Network Integration: Renamed from “Web App Without Virtual Network Integration” and updated Overview and CIS Recommended Remediation Steps. Moved the following resource types to new dedicated insights:
  • App Service Deployment Slot moved to App Service Deployment Slot Without Virtual Network Integration.
  • Function App moved to Function App Without Virtual Network Integrated.
  • Function App Deployment Slot moved to Function App Deployment Slot Without Virtual Network Integration.

Updated Compliance Packs

• Batch Environment Without an Accepted Private Endpoint Connection was added to multiple compliance packs including CIS Controls v8.1.2, NIST 800-53 (Rev 5), Microsoft Cloud Security Benchmark, NIST 800-171, NIST Cybersecurity Framework 2.0, and CMMC v2.0.
• App Service Environment Allows TLS 1.0 and 1.1 was added to CIS Controls v8.1.2 compliance pack.

Fixed

• Fixed an issue with Jinja where Security Groups were not retrieving rules as a dependency.
• Fixed false positives in the Public IP in Use Query Filter to improve accuracy of public IP detection.

Version 26.2.3

Software release date: February 3, 2026 | Release notes published: February 2, 2026

Deprecations

• Database Cluster Without Audit Logging (ID 595): To be deprecated and removed in February 2026. Customers should use Database Cluster without CloudWatch Audit Logging (ID 2471), which checks that audit logs are being created and exported to CloudWatch. The RDS MySQL DB engine type was removed as multi-AZ clusters do not support auditing.
• Database Instance Without Audit Logging (ID 350): To be deprecated and removed in February 2026. Customers should use Database Instance without CloudWatch Audit Logging (ID 2472), which checks that audit logs are being created and exported to CloudWatch. Instances in RDS MySQL multi-AZ clusters are not flagged as they do not support auditing.

Improved

• Resource Download Functionality: Enhanced resource download functionality on the Resource Listing experience to allow for downloading multiple different resource types with a single button click, no longer requiring a Resource Type Index to be selected. Known limitations include no support for Query Filters or Scopes.
• HVA Settings: Updated HVA Settings to prompt users to apply filters to enable In-Scope Coverage.
• IaC Popover: Updated the IaC popover to include counts for excepted and non-applicable insights. Insights in the drawer will now display an “Excepted” status if all their underlying resources are excepted.
• Identity Analysis Page: Added Insight Finding Severity advanced filter option to the Identity Analysis page for improved filtering capabilities.
• Azure SQL Database Harvesting: Azure SQL database instances no longer harvest the Multi-AZ property. Harvesting for this value is now part of Azure SQL Database resources, a child resource of Azure SQL database instances. This is because Zone Redundancy (which we harvest as Multi-AZ) is configured at the database level for Azure SQL rather than the instance level.
• RestAPI Domain Harvesting: Refactored harvesting of Rest API Domain resources to remove redundant V2 related functionality.
• RestApiHarvester: Updated the RestApiHarvester to correctly harvest new Security Policies for AWS Rest API Domains.
• RestApiDomain Resources: Added a new minimum_tls_version property to RestApiDomain resources.

New Insights

• App Service Environment Without Internal Load Balancer: Identifies App Service Environments without internal load balancer configuration.
• Function App Service With App Authentication Not Enabled: Identifies Function App Services that do not have app authentication enabled.
• App Service Deployment Slot With Allow All Configured For CORS: Identifies App Service Deployment Slots with CORS configured to allow all origins.
• Function App With Allow All Configured For CORS: Identifies Function Apps with CORS configured to allow all origins.
• Function App Deployment Slot With Allow All Configured For CORS: Identifies Function App Deployment Slots with CORS configured to allow all origins.
• App Service Deployment Slot Not Using Minimum TLS Version 1.2 or Higher: Identifies App Service Deployment Slots not using minimum TLS version 1.2 or higher.
• Function App Not Using Minimum TLS Version 1.2 or Higher: Identifies Function Apps not using minimum TLS version 1.2 or higher.
• Function Deployment Slot Not Using Minimum TLS Version 1.2 or Higher: Identifies Function Deployment Slots not using minimum TLS version 1.2 or higher.
• Volumes With Data Access Auth Mode Disabled (Attached): Identifies attached volumes with data access authentication mode disabled.
• Elasticache Instance Has Pending Update: Identifies Elasticache instances with pending updates.

Updated Insights

• App Service Authentication Not Enabled: Extended the overview section for better clarity.
• App Service App With Allow All Configured For CORS: Renamed from “Web App with Allow All Configured for CORS” and updated overview and CIS Recommended Remediation Steps. Moved the following resource types to new dedicated insights:
  • App Service Deployment Slot moved to App Service Deployment Slot With Allow All Configured For CORS.
  • Function App moved to Function App With Allow All Configured For CORS.
  • Function App Deployment Slot moved to Function App Deployment Slot With Allow All Configured For CORS.
• App Service App Not Using Minimum TLS Version 1.2 or Higher: Renamed from “Web App set to TLS version 1.2 or higher” and narrowed scope to only return App Service App resources.
• Database Instance Not Multi-AZ: Changed to use the Query Filter Database Instance Is Not Multi-AZ instead of the now deprecated Database Instance Is Not Multi-Availability Zone. The insight’s results should not be impacted by this change.

New Query Filters

• App Service Environment Without Internal Load Balancer: Identifies App Service Environments without internal load balancer configuration.
• Volume Does Not Have Data Access Auth Mode Enabled: Identifies volumes that do not have data access authentication mode enabled.
• Cache Instance Has Pending Update (AWS): Identifies AWS cache instances with pending updates.
• Database Cluster Without CloudWatch Audit Logging: Returns Neptune, DocumentDB, and Aurora MySQL DB clusters that aren’t exporting populated audit logs to CloudWatch.
• Database Cluster Without Auditing: Returns Neptune, DocumentDB, and Aurora MySQL DB clusters whose parameter group does not have audit log creation enabled.
• Database Cluster Parameter Group With Blank Parameter: Returns DB clusters associated with a parameter group where the specified parameter has been left blank (empty or null value).
• Database Instance Without CloudWatch Audit Logging: Returns RDS MySQL, Neptune, DocumentDB, and Aurora MySQL DB instances that aren’t exporting populated audit logs to CloudWatch.
• Database Instance Without Auditing: Returns RDS MySQL, Neptune, DocumentDB, and Aurora MySQL DB instances that do not have audit log creation enabled.
• Database Instance Is Not Multi-AZ: Identifies database instances that are not configured for Multi-AZ deployment.
• Database is Not Multi-AZ: Identifies databases that are not configured for Multi-AZ deployment.

Updated Query Filters

• Application Gateway Domain TLS Version: Updated to query against the new minimum_tls_version field.
• Resource Does Not Support TLS 1.2 Minimum: Updated to reflect changes made to the Application Gateway Domain TLS Version Query Filter.
• Database Instance Is Multi-Availability Zone: Renamed to Database Instance Is Multi-Availability Zone (Deprecated).
• Database Instance Is Not Multi-Availability Zone: Renamed to Database Instance Is Not Multi-Availability Zone (Deprecated).
• Database Instances With Multi-AZ: Renamed to Database Instances With Multi-AZ (Deprecated).
• Kubernetes Cluster Latest Version (EKS/AKS/GKE): Fixed an issue where Kubernetes cluster versions were compared as strings instead of correctly evaluating major, minor, patch, and cloud provider-build values. Also resolved cases where the latest version used for comparison could be outdated.

Updated Compliance Packs

• Storage Account with Infrastructure Encryption Disabled: Added to CIS Controls v8.1.2 compliance pack.
• Storage Account Encrypted using Cloud Managed Key Instead of Customer Managed Key: Added to CIS Controls v8.1.2 pack.
• Storage Account Allows Shared Key Access: Added to CIS Controls v8 pack.
• Account Without Latest SMB Protocol Versions: Added to CIS v8.1.2 pack.

The following new TLS-related insights were added to multiple compliance packs including CIS Controls v8.1.2, NIST 800-53 (Rev 5), Microsoft Cloud Security Benchmark, NIST 800-171, NIST Cybersecurity Framework 2.0, and CMMC v2.0:

• App Service Deployment Slot Not Using Minimum TLS Version 1.2 or Higher
• Function App Not Using Minimum TLS Version 1.2 or Higher
• Function Deployment Slot Not Using Minimum TLS Version 1.2 or Higher

Fixed

• Fixed insight severity edge case for IaC exception configuration creation.
• Fixed a bug with System Notifications for Health via Microsoft Teams that was causing an error.
• Fixed an issue where a UI error would occur when editing certain email subscription configurations.

Top of page

Mimics Infrastructure as Code (IaC) Scanning Tool

No updates released at this time.

Top of page

SIEM (InsightIDR)

No updates released at this time.

Improved:

• Styling updated across home page and internal modules for visual synchronization.

Fixed:

• Resolved Investigation Details’ status selection visibility issues when Actor Activity panel is open.
• Restored input fields of certain DHCP, DNS, and Third Party Alert event sources.

Top of page

Vulnerability Management (InsightVM)

• 8.37.0
• 8.36.0
• 8.35.0

Version 8.37.0

Software release date: Feb 23, 2026 | Release notes published: Feb 19, 2026

Improved:

• Reduced Security Console memory utilization to improve performance and scalability. Optimizations to vulnerability content handling and scan management lower overall memory consumption and reduce resource usage during scan operations.
• Fixed signature validation vulnerability for CVE-2026-1568. The vulnerability applies to a cloud-based component of InsightVM (Exposure Analytics) and does not affect fully on-premise deployments. Rapid7 has already patched the affected cloud service across all regions. No customer action is required and there is no need to apply updates or make configuration changes.

Version 8.36.0

Software release date: Feb 12, 2026 | Release notes published: Feb 9, 2026

Improved:

• This release includes a security hardening update related to CVE-2026-1814 . The internal keystore password generation mechanism has been strengthened by significantly increasing the supported password length, improving protection of encrypted credentials used by the Security Console. This update is being implemented on a rolling basis and is expected to be fully deployed by the end of the day on Thursday, February 12th. Additional information is available in the Rapid7 blog post .

Version 8.35.0

Software release date: Feb 2, 2026 | Release notes published: Jan 29, 2026

New:

• Added support for scanning macOS assets using the Nexpose Scan Assistant. This release introduces Scan Assistant support for macOS Sonoma, Sequoia, and Tahoe, with installers available for both Intel-based and Apple Silicon users. The macOS Scan Assistant can be downloaded from the Scan Assistant documentation page .
• New Policy Content: Support has been added for the following versions of CIS and DISA STIG benchmarks to enable organizations to adhere to the latest security best practices:

  • Linux:

    • CIS Debian Linux 11 STIG Benchmark v1.0.0
    • CIS Ubuntu Linux 22.04 LTS Benchmark v3.0.0
    • CIS Oracle Linux 8 Benchmark v4.0.0
    • CIS AlmaLinux OS 10 Benchmark v1.0.0

  • Microsoft Windows Server:

    • DISA STIG Microsoft Windows 11 Benchmark Version 2, Release 6
    • DISA STIG Microsoft Windows Server 2019 Benchmark Version 3, Release 6

  • Apple macOS:

    • CIS Apple macOS 15.0 Sequoia Benchmark v2.0.0

  • Web Browsers:

    • CIS Google Chrome Group Policy Benchmark v1.0.0

Improved:

• Improved Oracle Linux kernel fingerprinting, reducing false positives.
• Improved consistency of CVSS scoring in PCI vulnerability reports. Custom PCI report templates now display CVSS v2 and v3 scores consistently with the Security Console, ensuring severity ratings accurately reflect the underlying vulnerability data.
• Policy Content Updates: Corrected policy evaluation issues in the CIS Rocky Linux 9 Benchmark v2.0.0.

Top of page

Nexpose

• 8.37.0
• 8.36.0
• 8.35.0

Version 8.37.0

Software release date: Feb 23, 2026 | Release notes published: Feb 19, 2026

Improved:

• Reduced Security Console memory utilization to improve performance and scalability. Optimizations to vulnerability content handling and scan management lower overall memory consumption and reduce resource usage during scan operations.

Version 8.36.0

Software release date: Feb 12, 2026 | Release notes published: Feb 9, 2026

Improved:

• This release includes a security hardening update related to CVE-2026-1814 . The internal keystore password generation mechanism has been strengthened by significantly increasing the supported password length, improving protection of encrypted credentials used by the Security Console. This update is being implemented on a rolling basis and is expected to be fully deployed by the end of the day on Thursday, February 12th. Additional information is available in the Rapid7 blog post .

Version 8.35.0

Software release date: Feb 2, 2026 | Release notes published: Jan 29, 2026

New:

• Added support for scanning macOS assets using the Nexpose Scan Assistant. This release introduces Scan Assistant support for macOS Sonoma, Sequoia, and Tahoe, with installers available for both Intel-based and Apple Silicon users. The macOS Scan Assistant can be downloaded from the Scan Assistant documentation page .
• New Policy Content: Support has been added for the following versions of CIS and DISA STIG benchmarks to enable organizations to adhere to the latest security best practices:

  • Linux:

    • CIS Debian Linux 11 STIG Benchmark v1.0.0
    • CIS Ubuntu Linux 22.04 LTS Benchmark v3.0.0
    • CIS Oracle Linux 8 Benchmark v4.0.0
    • CIS AlmaLinux OS 10 Benchmark v1.0.0

  • Microsoft Windows Server:

    • DISA STIG Microsoft Windows 11 Benchmark Version 2, Release 6
    • DISA STIG Microsoft Windows Server 2019 Benchmark Version 3, Release 6

  • Apple macOS:

    • CIS Apple macOS 15.0 Sequoia Benchmark v2.0.0

  • Web Browsers:

    • CIS Google Chrome Group Policy Benchmark v1.0.0

Improved:

• Improved Oracle Linux kernel fingerprinting, reducing false positives.
• Improved consistency of CVSS scoring in PCI vulnerability reports. Custom PCI report templates now display CVSS v2 and v3 scores consistently with the Security Console, ensuring severity ratings accurately reflect the underlying vulnerability data.
• Policy Content Updates: Corrected policy evaluation issues in the CIS Rocky Linux 9 Benchmark v2.0.0.

Top of page

Digital Risk Protection (Threat Command)

No updates released at this time.

Top of page

Rapid7 Agent

• Version 4.0.21.45

Software release date: Feb 9, 2026 | Release notes published: Feb 9, 2026

Improved:

• We upgraded the OpenSSL library used by the Rapid7 Agent (Insight Agent) to version 3.6.0 to resolve CVEs associated with previous versions. This upgrade applies to all currently-supported operating systems and architectures.
• The Rapid7 Agent (Insight Agent) now records events for new ID generation and additional operational error conditions.

Fixed:

• The Rapid7 Agent (Insight Agent) installer for Windows no longer attempts to reach a non-existent asset during the token handler connectivity check.
• The Rapid7 Agent (Insight Agent) now starts correctly even if the SSLKEYLOGFILE environment variable (used by the ssl module in Python urllib3) is missing or unwritable.
• The windows_following feature now correctly handles paths containing wildcards (*) specified in the logging.json file.

Updated Operating System Support:

• As of previous version 4.0.21, the Rapid7 Agent (Insight Agent) no longer supports the following operating systems for any architecture:
  • openSUSE LEAP 15.5
  • Fedora 41
  • Windows 10 v1507 and v1511

Top of page

Next-Generation Antivirus

No updates released at this time.

Top of page

Ransomware Prevention

No updates released at this time.

Top of page

Velociraptor

No updates released at this time.

Top of page