May 2026 Release Notes

The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.

What’s New

Learn about new features across the Command Platform. These features were released over the past month and are available now:

• Risk: Remediation Hub

• Threat: Threat Intelligence (Intelligence Hub), SIEM (InsightIDR)

• Administration: Command Platform, Application Security (InsightAppSec)

• Risk

  • Gain Clearer Asset Visibility with Expanded Patch and Endpoint Protection Data
  • Remediate Faster with Targeted Filtering in Remediation Hub

• Threat

  • Accelerate Threat Hunting with Integrated Log Search
  • Prioritize CVEs Faster with Rapid7 Labs Technical Assessments
  • Eliminate Context Switching with Native IOC Management
  • Improve Data Reliability with Platform-Native Vulnerability Management (InsightVM) Integration
  • Improve Triage for Multi-Vector and Thresholded Detections with Full Alert Context
  • Create and Deploy Detections as Code in SIEM (InsightIDR)

• Administration

  • Streamline User Management with Unified User Resources and Settings
  • Reduce False Positives with AI-Enhanced Attack Modules

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation due to vulnerabilities being exploited by a bad actor. Security teams must assess risk by understanding likelihood, impact, and real-world threat context.

• Gain Clearer Asset Visibility with Expanded Patch and Endpoint Protection Data
• Remediate Faster with Targeted Filtering in Remediation Hub

Gain Clearer Asset Visibility with Expanded Patch and Endpoint Protection Data

Remediation Hub now provides expanded asset-level visibility for patch management and endpoint protection coverage. You can see which solutions provide coverage for each asset, identify the source of that data, and determine whether a reboot is still required after patching. This information is available in remediation details, filters, exports, and Automation (InsightConnect) workflows.

With this update in Risk > Remediation Hub, you can:

• See the source of endpoint protection and patch management coverage for each asset.
• Identify assets that still require a reboot after patching.
• Filter and export data to quickly find and share assets that need follow-up action.

Top of page

Remediate Faster with Targeted Filtering in Remediation Hub

Remediation Hub now includes enhanced filtering with resource type and categorized filters. Categorized filters help you distinguish between those that apply to all assets and those specific to Vulnerability Management (InsightVM) or Cloud Security (InsightCloudSec), making it easier to find and apply the right filters.

With this capability in Risk > Remediation Hub, you can:

• Prioritize newly disclosed vulnerabilities using CVE publish date filters.
• Quickly identify relevant filters with category-based organization.
• Focus on the most relevant assets by filtering by resource type.
• Navigate filters more efficiently with improved structure.

Top of page

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from malicious actors, compromised identities, or misconfigurations.

• Accelerate Threat Hunting with Integrated Log Search
• Prioritize CVEs Faster with Rapid7 Labs Technical Assessments
• Eliminate Context Switching with Native IOC Management
• Improve Data Reliability with Platform-Native Vulnerability Management (InsightVM) Integration
• Improve Triage for Multi-Vector and Thresholded Detections with Full Alert Context
• Create and Deploy Detections as Code in SIEM (InsightIDR)

Accelerate Threat Hunting with Integrated Log Search

You can now move directly from Threat Intelligence (Intelligence Hub) to Log Search without manually building queries. From Campaign and Threat Actor profiles, SIEM (InsightIDR) automatically generates and opens pre-filled queries with the relevant indicators of compromise (IOCs), mapped log sources, and time ranges.

With this capability in Command Platform > Intelligence > Campaigns and Command Platform > Intelligence > Threat Actors, you can:

• Launch ready-to-run log searches with automatically generated queries based on selected IOCs.
• Improve hunt accuracy using standardized queries grouped by IOC type, such as IP addresses, domains, and file hashes.
• Reduce manual effort and errors by eliminating the need to copy, map, and format indicators across log sources.
• Move from intelligence to investigation in seconds, improving analyst efficiency and response time.

Top of page

Prioritize CVEs Faster with Rapid7 Labs Technical Assessments

Rapid7 Labs technical assessments are now embedded directly in CVE Library, giving your team clear, analyst-backed insight into how vulnerabilities are exploited and why they matter. Instead of piecing together external research, you can now evaluate exploitability, attacker value, and real-world risk in one place.

With this capability in Command Platform > Intelligence > CVE Library, you can:

• Access Rapid7 Labs technical assessments for notable CVEs directly within each CVE record.
• Understand why a vulnerability matters using structured signals like exploitability, attacker value, and exposure conditions.
• Prioritize remediation faster with analyst narrative, affected product details, and real-world risk context.

Top of page

Eliminate Context Switching with Native IOC Management

IOC Sources are now integrated directly into the Command Platform, providing a centralized interface to manage public, private, and custom Threat Intelligence (Intelligence Hub) feeds. This enhancement streamlines workflows by reducing the need to switch between tools and improves performance when working with large volumes of IOCs.

With this update in Command Platform > Data Connectors > Sources, you can:

• Manage all indicators and IOC sources directly within the core platform.
• Experience drastically improved load times and a modernized UI for searching millions of IOCs.

Top of page

Improve Data Reliability with Platform-Native Vulnerability Management (InsightVM) Integration

Vulnerability Management (InsightVM) data now flows into SIEM (InsightIDR) through a platform-native integration powered by the Rapid7 data mesh. This update removes the need for manual configuration, improves reliability, and ensures consistent vulnerability context across SIEM (InsightIDR), MDR/MTC, and Incident Command without impacting existing functionality.

With this capability, you can:

• Automatically access Vulnerability Management (InsightVM) data in SIEM (InsightIDR) without additional setup.
• Reduce configuration issues and ongoing maintenance.
• Ensure vulnerability context in SIEM (InsightIDR) aligns with Vulnerability Management (InsightVM) data.
• Continue using existing features and customizations without changes.

Top of page

Improve Triage for Multi-Vector and Thresholded Detections with Full Alert Context

SIEM (InsightIDR) now preserves and displays additional contributing payloads for multi-vector and thresholded detections, instead of showing only the final triggering event. This gives SOC analysts full visibility into the activity behind complex detections.

With this update in Alert Details > View in Log Search, you can:

• See additional evidence that contributed to a multi-vector or thresholded detection.
• Triage complex alerts faster with clearer context.
• Reduce ambiguity, false positives, and investigation time.

This enhancement improves analyst confidence and trust by ensuring detection context is complete from detection through response.

Top of page

Create and Deploy Detections as Code in SIEM (InsightIDR)

You can now create, validate, and deploy detections as code in SIEM (InsightIDR) using Terraform. This capability enables security teams to define detection logic in a version-controlled workflow, validate detections before deployment, and promote them across environments. By treating detections as software, you can improve consistency across tenants, reduce configuration drift, and accelerate time to detection.

With this capability, you can:

• Define and manage detections using Terraform in your existing CI/CD workflows.
• Deploy and manage custom detections without relying on manual UI configuration.
• Promote detections consistently across single- and multi-tenant environments.
• Maintain auditability and version control for detection changes.
• Create up to 200 custom detection rules, up from the previous default of 50.

Top of page

Administration

Administration focuses on refining platform controls, improving integrations, and streamlining configuration to support efficient security operations.

• Streamline User Management with Unified User Resources and Settings
• Reduce False Positives with AI-Enhanced Attack Modules

Streamline User Management with Unified User Resources and Settings

Manage user preferences and access from a single, centralized location across the Command Platform. This update simplifies how users configure settings, access resources, and maintain their profile, providing a unified experience for managing user-level settings and resources while reducing friction and eliminating the need to navigate across multiple areas of the platform.

With this update in Command Platform > Profile > User Settings, you can:

• Manage profile preferences, including theme, time zone, and default landing page.
• View and update communication and notification preferences.
• Configure access and security settings.
• Access customer support and educational resources.

Top of page

Reduce False Positives with AI-Enhanced Attack Modules

Use AI to deliver more accurate vulnerability results in your scan outputs. This feature helps your team focus on true web app vulnerabilities, streamlining remediation workflows and reducing manual triage efforts.

With this feature in Application Security > Settings > Scan Options, you can:

• Automatically assess scan output using LLM-based vulnerability pre-triage.
• Focus on real risk, with false positives removed from your environment.
• Reduce manual review processes, helping prioritize remediation efforts with greater confidence in your findings.

Due to specific model infrastructure requirements, this feature is currently not available in APS2 and ME regions. The CA region may experience varied results due to these limitations.

Top of page

Improvements and Fixes

Keep track of improvements and fixes to core technology.

Application Security (InsightAppSec) and AppSpider

No updates released at this time.

Top of page

Attack Surface Management (Surface Command)

• Version 1.0.910
• Version 1.0.909
• Version 1.0.908

Version 1.0.910

Software release date: May 12, 2026 | Release notes published: May 18, 2026

Improved:

• External Attack Surface pages (Network Services, Certificates, Domains, IP Addresses) now provide additional information about discovered assets.

Connectors

The following connectors were updated in the Extension Library  since the previous release. Connector updates are published independently and may have been available before this release date.

Updated Connectors

• AWS Core: List missing permissions for the core and the Inspector connectors.
• BeyondTrust Endpoint Privilege Management (EPM): Add to Privileged Access Management category.
• Cloudflare:
  • Added Zero Trust Device List collection.
  • Added Cloudflare Account Members collection.
  • Fixed Test Connection so it now works with Account API tokens (cfat_) in addition to User tokens (cfut_).
• Delinea Privilege Manager: Add to Privileged Access Management category.
• Infoblox BloxOne DDI: Fix validation error for type ‘InfobloxSubnet’.
• Mimecast: Update the documentation for the API permissions required for this connector.
• Shodan: Clarify documentation instructions.

Version 1.0.909

Software release date: May 6, 2026 | Release notes published: May 11, 2026

Improved:

• “Data ingest is queued” message in Import Feeds now clarifies that queue is cross-customer and not actionable by stopping feeds.

Connectors

The following connectors were updated in the Extension Library  since the previous release. Connector updates are published independently and may have been available before this release date.

New Connectors

• Airlock Digital: Airlock Digital is an application control and allowlisting platform that enforces a Deny by Default security posture on endpoints. It centrally manages application control across Windows, macOS, and Linux environments. This connector integrates asset data from Airlock Digital into the Rapid7 Platform, importing agents and groups.
• Gophish: Gophish is an open-source phishing toolkit designed for businesses and security professionals to test and enhance their organization’s defenses against phishing attacks. This connector integrates phishing campaigns and target groups from Gophish with the Rapid7 Platform, providing visibility into phishing awareness testing activities.
• Illumio: Illumio is a Zero Trust Segmentation platform that provides real-time visibility and microsegmentation across multi-cloud and data center environments. The platform is centered around the Policy Compute Engine (PCE), which collects telemetry from Virtual Enforcement Nodes (VENs) installed on workloads and Network Enforcement Nodes (NENs) to build a live application dependency map and enforce security policies. This connector imports workloads, labels, VENs, and network devices from the Illumio PCE into the Rapid7 Platform.

Updated Connectors

• Crowdstrike Falcon: Vulnerability Statuses: Removed Closed and Expired options; existing configs with those values will log a warning and import only open/reopen findings.
• Delinea Privilege Manager: Pinned dependencies
• Delinea Secret Server: Fixed schema validation error for DelineaSecretServerSecret type
• GitHub: Fixed authentication issues related to recent dependency updates.
• KnowBe4: Fetched groups from KnowBe4 and linked to users.
• Mimecast: Updated the MimecastUser and MimecastInternalDomain types to allow referencing between them, and adding a virtual edge to materialize the ownership relationship between domains and users.
• Recorded Future: Added RecordedFutureVuln and RecordedFutureEvidence types with risk list ingestion.
• VMware vCenter: Fixed SSL Verify setting not being applied correctly.

Version 1.0.908

Software release date: April 28, 2026 | Release notes published: May 4, 2026

Improved:

• Expand correlation exclusion rules for serial numbers to ignore additional placeholder values, including “n/a,” “n.a.,” “-,” “1234,” and “not specified.” These values are now excluded from correlation while the property remains on the asset.
• Filter View widgets now support drill-in operations, enabling interactive exploration.
• Graphical Query Builder filters now display selectable enum values in a dropdown, matching Data Insights filter behavior for improved usability.

Connectors

The following connectors were updated in the Extension Library  since the previous release. Connector updates are published independently and may have been available before this release date.

New Connectors

• JFrog Artifactory: JFrog Artifactory is a universal artifact repository manager that stores, manages, and distributes software packages and binaries across the development pipeline. This connector synchronizes user, group, project, and repository data from JFrog Artifactory into the Rapid7 Platform.

Updated Connectors

• Dragos: Fixed data validation for x and y labels in DragosAsset.
• Freshservice: Added unmatched asset counts logging.
• Microsoft Graph Security: Added connector settings for minimum severity and lookback days for alerts and incidents.
• Microsoft Intune: Fixed a date parsing error when devices have never synced and the Last Sync filter is enabled.
• NetBox: Improved name-based correlation for NetBoxDevice.
• SentinelOne Singularity:
  • Filtered vulnerabilities by status to exclude resolved and suppressed findings.
  • Improved paging log to show running totals across pages.
• SolarWinds Orion: Increased timeout and decreased limit for Node SWQL queries.
• VMware vCenter:
  • Fixed tag retrieval by switching to the REST API.
  • Added vCenterTagAssociation type to link objects to tags.
  • Added vCenterAssociatedTag type to host REST-sourced tag data.

Top of page

Cloud Security (InsightCloudSec)

• Version 26.5.19
• Version 26.5.12
• Version 26.5.5
• Mimics Infrastructure as Code (IaC) Scanning Tool

Version 26.5.19

Software release date: May 19, 2026 | Release notes published: May 18, 2026

Improved

• Enhanced encryption detection for Azure Database for MySQL Flexible Server and Azure Database for PostgreSQL Flexible Server resources to accurately identify when Customer Managed Keys (CMK) are configured using Azure Key Vault, and to capture the associated key vault and key name details for these resources.
• Improved page load performance for the Scheduled Events Event History page when loading large amounts of historical event data.
• Improved retry logic for Azure resource tag creation.
• Enhanced paginated insights table to enable sorting for total findings, exemptions, and favorites.

New Resources

• OCI PostgreSQL Database Systems: Added support for harvesting PostgreSQL Database Systems resources from Oracle Cloud Infrastructure (OCI) environments.
  • Harvester: PostgreSQLDatabaseSystemHarvester
• Azure Elastic SAN: Added support for Azure Elastic SAN resources, enabling visibility into Storage Area Networks and their associated volume groups. Enhanced security posture monitoring by collecting public network accessibility settings and encryption key configuration for Elastic SAN resources to support CIS Azure Storage Services benchmark compliance checks.
  • Reader Permissions Required:
    • Microsoft.ElasticSan/elasticSans/read
    • Microsoft.ElasticSan/elasticSans/volumeGroups/read
  • Note: To harvest the encryption key used to encrypt a volume group correctly, there must be an access policy on the key vault for all key operations and cryptographic operations for the Azure application used to onboard the Azure account.

New Insights

• Web App Without Managed Platform Updates Fully Configured: Identifies AWS Elastic Beanstalk environments that do not have managed platform update settings enabled, update level set to ‘minor and patch’, and instance replacement enabled.

Updated Insights

• Container Service With Auto Assign Public IP: Updated security mappings to better align with official security benchmarks.

New Query Filters

• Web Apps Without Managed Platform Updates Fully Configured: Identifies AWS Elastic Beanstalk environments that do not have managed platform update settings enabled, update level set to ‘minor and patch’, and instance replacement enabled.

Fixed

• Fixed a potential DetachedInstanceError in the AWS Collector Harvester Checker that could occur when accessing organization service attributes after the database session was closed.
• Fixed a server error when creating exemption rules caused by accessing the rule ID after the database session was closed.
• Fixed a crash in the Azure Data Collection Rule harvester when a DCR does not have a destinations field in its properties. These DCRs are now harvested successfully with exports_to_monitor_metrics set to False.
• Fixed an issue where JWT tokens using unsupported algorithms (for example, from automated scanners) would cause unhandled 500 errors. These requests now correctly return 401 Unauthorized responses.
• Fixed an issue where Azure API Management resource harvesting would fail if the service was in an ActivationFailed state. The harvester now gracefully skips subscription retrieval for degraded APIM services instead of failing the entire harvest job.
• Fixed a duplicate key error in exemption curation that occurred when concurrent workers attempted to insert the same exemption. The persist logic now gracefully handles race conditions by falling back to individual inserts on conflict.
• Fixed a duplicate key error in the harvester modify path that occurred when merging child records (for example, RulePortRanges) that already existed in the database. The modify logic now retries on conflict after rollback.
• Fixed a MySQL “Commands out of sync” error in the InstanceFlavor harvester caused by a lazy-loaded relationship triggering a query during result streaming. Resources that do not support ResourceCommonData are now correctly skipped when checking for default resources.
• Fixed the “Force Delete Instance” bot action failing to terminate AWS EC2 instances that have termination protection enabled. The action now correctly detects the termination protection error, automatically disables it, and retries the termination as originally intended. This fix applies to both AWS commercial and GovCloud environments.
• Fixed an issue where CVE details failed to load in the general vulnerability tab after visiting a resource-specific view.
• Fixed an issue with GCP DomainUserHarvester and GCP DomainGroupHarvester failing with HttpError 400 "Invalid Input" when calling the Google Admin Directory API.
• Fixed a timeout issue on the Scheduled Events Event History page that occurred when loading large amounts of historical event data.

Version 26.5.12

Software release date: May 12, 2026 | Release notes published: May 11, 2026

Important

• Oracle Cloud Vault and Secret Resource Identification: Changed the Oracle Cloud backend format for Vaults and Secrets. The new format uses: {vault_display_name}.{vault_id} for Vaults and {secret_name}{vault_id} for Secrets. This change ensures global uniqueness and correct parent-child relationships.
  • Impact: All existing Vaults and Secrets will be considered new resources after the initial harvest once this version has been deployed. Bots, alerts, or integrations may be triggered if configured to act on newly discovered resources.

Improved

• Improved database connection pool recycling for harvesting operations to enhance overall system stability and efficiency.
• Updated Azure, GCP, OCI, and AliCloud onboarding scripts to provide standalone permission update support. AWS support was already available.
• Updated the Display by: Resource view on the Misconfigurations page to allow for selecting whether to show only Insights within a specific Insight Pack or all insights a resource is flagged with. A new toggle allows switching between the two views, with the default being to show only insights belonging to the pack you are scoped to.
• Added “Cloud Vendor Managed” column (true/false) to Kubernetes namespace scoped resources for better visibility and filtering.
• Added a filter in the Vulnerabilities -> Resources tab to filter only resources that have vulnerabilities.

New Query Filters

• Kubernetes Resources Managed by Cloud Vendor: Identifies Kubernetes Resources managed by cloud vendors with a not_in option to filter out or include cloud vendor managed Kubernetes resources.

Fixed

• Fixed an issue where creating a vulnerability email subscription would fail with a session error, preventing the subscription from being saved.
• Fixed an error during exemption rule processing that could cause resource harvesting to fail with a database session error.
• Fixed an IaC v3 scanner bug where Database Instance Not Encrypted was being incorrectly flagged when a Cluster Instance is attached to an encrypted cluster.
• Fixed performance issues with Attack Path Analysis job execution that caused timeouts and extended processing times. Optimized database queries and internal data processing to reduce job runtime by approximately 75% in large environments.
• Fixed delete button on IaC Managed Run tasks UI, added descriptive text, and moved the pop-out confirmation to a modal dialog.
• Fixed false positive bug by adding origin information on AWS::CloudFront::Distribution resources for Content Delivery Network Without Origin Access Control insight.

Version 26.5.5

Software release date: May 5, 2026 | Release notes published: May 4, 2026

Upcoming changes in the release version 26.5.12

OCI Vault and Secret Resource Identification: We will update the resource_id generation for the Vault and Secret resource types in Oracle Cloud Infrastructure (OCI) environments. This change will ensure global uniqueness and correct parent-child relationships by incorporating the Vault OCID into the ID format.

• Impact:
  • Existing Vaults and Secrets will be re-identified as new resources on the first harvest after this update.
  • Bots, alerts, or integrations may be triggered if configured to act on newly discovered resource types.

Current Release 26.5.5

Improved

• Updated the Threat Findings experience to align with an industry-standard Detection Findings view. This update introduces an improved layout, enhanced organization, and additional functionality to help you investigate and prioritize findings more efficiently.
  • Improved
    • Mapped all findings to the MITRE ATT&CK framework.
    • Added remediation guidance for findings generated by cloud service providers.
    • Improved visualization of severity and event source counts.
  • Impact
    • Detection Findings is now the default experience for all users.
    • The underlying findings data remains unchanged. However, the interface has been redesigned to provide improved functionality and navigation.
    • This experience is not available for self-hosted customers.
    • Saved filters are scoped to each experience. Detection Findings does not include filters previously saved in Threat Findings.
    • You can continue to access the previous Threat Findings experience and switch between views using a toggle.
• Added the ability to create bots directly from JSON configuration. Users can now select “Create Bot From JSON” from the bot creation dropdown menu, eliminating the previous requirement to first create a template from JSON before creating a bot. This streamlines the bot creation workflow for users who prefer working with JSON configurations.
• Extended the existing container SBOM download feature to support downloading vulnerability assessment data for individual host instances, enabling users to export detailed software package inventories for compliance and security analysis.

New Resources

• Added support for Lustre File System resource type with new harvester LustreFileSystemHarvester:
  • New permissions required: Microsoft.StorageCache/amlFilesystems/read

New Insights

• Lustre File System Without CMK Encryption: Identifies Lustre File Systems that are not encrypted with a customer-managed key (CMK).

New Query Filters

• Container Instance is Kubernetes Node: Identifies Container Instances that are Kubernetes Nodes.
• Lustre File System Without CMK Encryption: Identifies Lustre File Systems that are not encrypted with a customer-managed key (CMK).

Fixed

• Fixed an issue where AlloyDB Cluster Snapshots would not link correctly to parent cluster if stored in a different region than the cluster.
• Fixed handling of missing locationType for GCE rapid storage class buckets in StorageContainerHarvester.

Top of page

Mimics Infrastructure as Code (IaC) Scanning Tool

• 2.1.0

Version 2.1.0

Software release date: May 12, 2026 | Release notes published: May 18, 2026

Improved:

• Expanded Azure Terraform Query Filter Coverage: Added support for Azure Terraform query filters across network, subnet, IP range, region, and tag-based checks. This includes coverage for Resource in Network, Resource in Subnet, Resource is in Subnet within IP Range, Resource In Region, Resource not in Region, Resource Has Tags, Resource Has Zero Tags, Resource Meeting Or Exceeding Tag Count, Resource Missing Tag Keys, Resource Missing Tag Keys (All Missing), Resource Contains Tag Key/Value Pair, Resource Does Not Contain Tag Key/Value Pair, Resource Contains Tag Key With Empty Value, Resource Contains Tag Key and Value Regular Expression (Regex), Resource Contains Multiple Tag Keys And Value Regular Expressions (Regex), Resource Contains Tag Key and Value Email Validation, Resource Tag Date Comparison, Resource Tag Date/Time Comparison, and tag key regex validation.
• New AWS CloudFormation Query Filters: Added CloudFormation support for Delivery Stream Type, Resources In Cloud Without Macie Enabled, Cloud Policy With Wildcard Resource, and Application Gateway/Stage X-Ray Tracing Enabled query filters.
• Filter Scan Recommendations in Output: Added recommendation details to filter scan findings to make remediation guidance clearer in scan results.
• Security Dependency Updates: Updated the bundled docker-cli version to include security-related upgrades.
• Reduced Redundant Insight Noise: Removed insights that were already covered by query filters to reduce duplicate or unnecessary results.

Fixed:

• Duplicate Exception Findings: Fixed an issue that could show duplicate findings with exceptions when results were returned by both the V3 endpoint and Mimics.
• --disable-remote Scan Delay: Updated the --disable-remote flag so it bypasses remote scan initialization as expected, removing the unnecessary startup delay while preserving ICS configuration support.
• Cloud-Managed Key Detection for AWS MWAA: Fixed the Resource Encrypted With Cloud Managed Key query filter so AWS MWAA environments are evaluated correctly during IaC scans.
• Transit Encryption False Positives: Fixed Storage Container Not Enforcing Transit Encryption so bucket policies are no longer incorrectly reported as findings.
• Terraform AWS Cache Encryption Coverage: Fixed at-rest encryption detection for ElastiCache Terraform resources by correcting the existing Memcached query filter and adding cache engine coverage where needed.

Top of page

SIEM (InsightIDR)

Improved:

• Custom parser editing no longer requires a 10-log minimum.
• S3 Bucket field validation in event source creation form updated for consistency.

Fixed:

• Descriptions restored for authentication services table and error states within User page.
• Special character parsing within Investigation Details timeline refined.
• Global search results visibility corrected to prevent layering behind other page elements.

Top of page

Vulnerability Management (InsightVM)

• 8.46.0
• 8.45.0
• 8.44.0

Nexpose version 8.46.0

Software release date: May 25, 2026 | Release notes published: May 21, 2026

Improved:

• Added support for SUSE Kernel Live Patching (KLP) detection (fingerprinting) and CVE extraction during authenticated scans. Patched CVEs are accurately checked and displayed in the remediated vulnerability section.
• Improved hostname collection during PAN-OS device scans, providing more accurate and reliable device identification.
• Added fingerprinting support for Visual Studio 2026, enabling accurate detection and inventory reporting.
• Updated the Security Console email framework to ensure CSV report attachments are delivered correctly to email systems requiring RFC 2183-compliant headers.
• Added descriptive messaging for vulnerabilities with AI-predicted CVSS scores to provide additional clarity and context within the UI.
• Upgraded the bundled jQuery UI version to strengthen the overall security posture of the Security Console.
• Added built-in policy support for:
  • CIS Apache Tomcat 10.1 Benchmark v1.1.0
  • CIS Oracle MySQL Enterprise Edition 8.4 Benchmark v1.1.0

Fixed:

• Resolved a false positive affecting Citrix 7-Zip detection when the application was marked as a favorite in Citrix Workspace.
• Addressed a fingerprinting inconsistency for Microsoft Office Click-to-Run installations on Windows systems to improve detection accuracy.
• Fixed a data integrity issue that, under certain conditions, caused duplicate tags on Data Warehouse-linked consoles.
• Resolved an issue that caused an error message when uploading a certificate chain signed by an internal or private Certificate Authority.
• Fixed an issue impacting custom Agent-Based policies for the CIS Apple macOS 26 Tahoe Benchmark Level 1.
• Resolved an issue causing false positives within the CIS IIS 10 Benchmark v1.1.1 policy.
• Addressed an issue preventing enabled CIS Microsoft Windows Server 2022 v2.0 policies from appearing in the UI. Policies are now displayed correctly.

Version 8.45.0

Software release date: May 18, 2026 | Release notes published: May 15, 2026

Improved:

• Upgraded the bundled Spring Boot and Metasploit frameworks to enhance the overall stability and security posture of the console.
• Enhanced scanning capabilities by improving SSH remote execution support for JunOS assets.
• Policy Coverage added for the following:
  • CIS VMWare ESXI 7.0 v1.5.0
  • CIS Fortigate 7.4.X V1.0.1
  • CIS SUSE Linux Enterprise 16 Benchmark 1.0.0
  • CIS Apache HTTP Server 2.4 Benchmark v2.3.0
  • CIS Microsoft_Intune_for_Windows_11_Benchmark_v4.0.0
  • CIS Oracle MySQL Enterprise Edition 8.4 Benchmark 1.1.0
  • CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0
  • CIS PostgreSQL 14 v1.3.0
  • CIS F5 Networks v1.0.1
  • DISA STIG F5 Big-IP TMOS DNS STIG V1R1
  • DISA STIG F5 Big-IP TMOS NDM STIG V1R2
  • DISA STIG F5 Big-IP TMOS ALG STIG V1R2
  • DISA STIG F5 Big-IP TMOS Firewall STIG V1R1
  • DISA SUSE Linux Enterprise Server (SLES) 12 STIG V3R4

Fixed:

• Resolved an issue causing mismatched risk score values between the Asset page and Search page. Values are now consistent across the security console.
• Fixed an issue causing a false positive for obsolete versions of Apache Log4j
• Addressed a fingerprinting inconsistency observed for IBM WebSphere Application Server on Windows systems.
• Resolved an issue causing a false positive for the WebDAV Disabled rule in CIS Microsoft IIS 10 Benchmark v1.1.1.
• Addressed issues impacting rules in the following policies - CIS Microsoft Windows 11 Enterprise Benchmark 4.0.0, CIS PostgreSQL 14 v1.3.0, CIS Apache HTTP Server 2.4 Benchmark v2.3.0.

Version 8.44.0

Software release date: May 11, 2026 | Release notes published: May 7, 2026

Content-only release

• This release includes the latest vulnerability content updates to ensure your scans continue to detect and assess the most recent threats. No product feature changes or updates are included in this version.

Top of page

Nexpose

• 8.46.0
• 8.45.0
• 8.44.0

Nexpose version 8.46.0

Software release date: May 25, 2026 | Release notes published: May 21, 2026

Improved:

• Added support for SUSE Kernel Live Patching (KLP) detection (fingerprinting) and CVE extraction during authenticated scans. Patched CVEs are accurately checked and displayed in the remediated vulnerability section.
• Improved hostname collection during PAN-OS device scans, providing more accurate and reliable device identification.
• Added fingerprinting support for Visual Studio 2026, enabling accurate detection and inventory reporting.
• Updated the Security Console email framework to ensure CSV report attachments are delivered correctly to email systems requiring RFC 2183-compliant headers.
• Added descriptive messaging for vulnerabilities with AI-predicted CVSS scores to provide additional clarity and context within the UI.
• Upgraded the bundled jQuery UI version to strengthen the overall security posture of the Security Console.
• Added built-in policy support for:
  • CIS Apache Tomcat 10.1 Benchmark v1.1.0.
  • CIS Oracle MySQL Enterprise Edition 8.4 Benchmark v1.1.0.

Fixed:

• Resolved a false positive affecting Citrix 7-Zip detection when the application was marked as a favorite in Citrix Workspace.
• Addressed a fingerprinting inconsistency for Microsoft Office Click-to-Run installations on Windows systems to improve detection accuracy.
• Fixed a data integrity issue that, under certain conditions, caused duplicate tags on Data Warehouse-linked consoles.
• Resolved an issue that caused an error message when uploading a certificate chain signed by an internal or private Certificate Authority.
• Fixed an issue impacting custom Agent-Based policies for the CIS Apple macOS 26 Tahoe Benchmark Level 1.
• Resolved an issue causing false positives within the CIS IIS 10 Benchmark v1.1.1 policy.
• Addressed an issue preventing enabled CIS Microsoft Windows Server 2022 v2.0 policies from appearing in the UI. Policies are now displayed correctly.

Nexpose version 8.45.0

Software release date: May 18, 2026 | Release notes published: May 15, 2026

Improved:

• Upgraded the bundled Spring Boot and Metasploit frameworks to enhance the overall stability and security posture of the console.
• Enhanced scanning capabilities by improving SSH remote execution support for JunOS assets.
• Policy Coverage added for the following:
  • CIS VMWare ESXI 7.0 v1.5.0
  • CIS Fortigate 7.4.X V1.0.1
  • CIS SUSE Linux Enterprise 16 Benchmark 1.0.0
  • CIS Apache HTTP Server 2.4 Benchmark v2.3.0
  • CIS Microsoft_Intune_for_Windows_11_Benchmark_v4.0.0
  • CIS Oracle MySQL Enterprise Edition 8.4 Benchmark 1.1.0
  • CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0
  • CIS PostgreSQL 14 v1.3.0CIS F5 Networks v1.0.1
  • DISA STIG F5 Big-IP TMOS DNS STIG V1R1
  • DISA STIG F5 Big-IP TMOS NDM STIG V1R2
  • DISA STIG F5 Big-IP TMOS ALG STIG V1R2
  • DISA STIG F5 Big-IP TMOS Firewall STIG V1R1
  • DISA SUSE Linux Enterprise Server (SLES) 12 STIG V3R4

Fixed:

• Resolved an issue causing mismatched risk score values between the Asset page and Search page. Values are now consistent across the security console.
• Fixed an issue causing a false positive for obsolete versions of Apache Log4j
• Addressed a fingerprinting inconsistency observed for IBM WebSphere Application Server on Windows systems.
• Resolved an issue causing a false positive for the WebDAV Disabled rule in CIS Microsoft IIS 10 Benchmark v1.1.1.
• Addressed issues impacting rules in the following policies - CIS Microsoft Windows 11 Enterprise Benchmark 4.0.0, CIS PostgreSQL 14 v1.3.0, CIS Apache HTTP Server 2.4 Benchmark v2.3.0.

Nexpose Version 8.44.0

Software release date: May 11, 2026 | Release notes published: May 7, 2026

Content-only release

• This release includes the latest vulnerability content updates to ensure your scans continue to detect and assess the most recent threats. No product feature changes or updates are included in this version.

Top of page

Digital Risk Protection (Threat Command)

No updates released at this time.

Top of page

Remediation Hub

• 2.21.0

  • Resource Type filter: We’ve introduced a new Resource Type filter in the Remediation Hub main table. This allows customers to filter remediation data by categories such as Instance, Container, and Host. This filter applies to Cloud Security (InsightCloudSec) assets.
  • Improved loading experience for the Emergent Threats section.
  • Improved performance and reliability.

Top of page

Rapid7 Agent (Insight Agent)

No updates released at this time.

Top of page

Next-Generation Antivirus

No updates released at this time.

Top of page

Ransomware Prevention

No updates released at this time.

Top of page

Velociraptor

No updates released at this time.

Top of page