rapid7
CVE Numbering Authority
Latest CVE published
Overview
rapid7 is a CVE Numbering Authority that has published 242 CVE records since 2016. It is currently classified as active, with 51 CVEs published in the last two years. Its CVE data quality is graded B (87.9% overall completeness).
Among the 370 CNAs tracked here, rapid7 ranks #79 by CVE volume and reports more complete records than 34% of all CNAs.
Data quality report card
How complete and consistent rapid7's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often rapid7 also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
87.9%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of rapid7's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
1
One of rapid7's CVEs is confirmed exploited in the wild and carries a CISA remediation deadline.
Common weakness types
The CWE weakness categories rapid7 most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')33 CVEs
- CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')18 CVEs
- CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')15 CVEs
- CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')9 CVEs
- CWE-922Insecure Storage of Sensitive Information8 CVEs
- CWE-121Stack-based Buffer Overflow7 CVEs
- CWE-284Improper Access Control7 CVEs
- CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')6 CVEs
Publishing activity by year
How many CVEs rapid7 has published each year.
Top vendors
The vendors rapid7 publishes the most CVEs for.
- Rapid7121 CVEs
- linux31 CVEs
- Microsoft13 CVEs
- Velocidex12 CVEs
- Cambium Networks10 CVEs
- Rocket Software9 CVEs
- Brother8 CVEs
- Konica Minolta8 CVEs
Top products
The products rapid7 publishes the most CVEs for.
- linux kernel31 CVEs
- metasploit-framework22 CVEs
- Velociraptor20 CVEs
- Nexpose19 CVEs
- Metasploit16 CVEs
- windows11 CVEs
- InsightVM10 CVEs
- UniData9 CVEs
Latest CVEs
The most recent CVEs assigned by rapid7.
- CVE-2026-8661CWE-79
Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin
Medium · CVSS 4.8EPSS 0.3%2026-06-26 - CVE-2026-8658CWE-78
OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin
High · CVSS 8.8EPSS 0.8%2026-06-25 - CVE-2026-8662CWE-22
Path Traversal in Rapid7 InsightConnect Compression Plugin
Medium · CVSS 4.3EPSS 0.2%2026-06-25 - CVE-2026-8666CWE-78
OS Command Injection in Rapid7 InsightConnect Traceroute Plugin
Critical · CVSS 9.8EPSS 0.7%2026-06-25 - CVE-2026-8592CWE-78
OS Command Injection in Rapid7 InsightConnect AWK Plugin
Critical · CVSS 9.8EPSS 0.7%2026-06-25 - CVE-2026-8664CWE-78
OS Command Injection in Rapid7 InsightConnect Finger Plugin
High · CVSS 8.8EPSS 0.8%2026-06-25 - CVE-2026-8665CWE-78
OS Command Injection in Rapid7 InsightConnect Translate Plugin
Critical · CVSS 9.8EPSS 0.7%2026-06-25 - CVE-2026-8660CWE-78
OS Command Injection in Rapid7 InsightConnect Ping Plugin
Critical · CVSS 9.8EPSS 0.7%2026-06-25 - CVE-2026-9153CWE-22
Arbitrary File Read in Rapid7 InsightConnect Sed Plugin
Medium · CVSS 6.5EPSS 0.3%2026-06-25 - CVE-2026-9154CWE-22
Arbitrary File Write in Rapid7 InsightConnect Sed Plugin
High · CVSS 7.1EPSS 0.3%2026-06-25 - CVE-2026-9155CWE-78
OS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.
High · CVSS 8.8EPSS 0.9%2026-06-25 - CVE-2026-8659CWE-78
OS Command Injection in Rapid7 InsightConnect SQLmap Plugin
High · CVSS 8.8EPSS 0.8%2026-06-25
Track new rapid7 CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor rapid7 CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the rapid7 CNA.
- What is the rapid7 CNA?
- rapid7 is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 242 CVE records since 2016.
- How many CVEs has rapid7 published?
- rapid7 has published 242 CVE records, including 51 in the last two years.
- What is rapid7's CVE data quality grade?
- RadicalNotion.AI grades rapid7's CVE data quality as B, with an overall completeness score of 87.9%. This reflects how consistently its CVE records include vendor (99.2%), product (99.2%), CVSS (61.6%), and CWE (91.7%) information.
- What products does rapid7 publish CVEs for?
- rapid7 most frequently publishes CVEs for linux kernel, metasploit-framework, Velociraptor, Nexpose, Metasploit.
- Which vendors does rapid7 cover?
- rapid7 publishes CVEs across 78 distinct vendors, most often Rapid7, linux, Microsoft, Velocidex, Cambium Networks.
- Is rapid7 actively publishing CVEs?
- rapid7 is currently active, based on 51 CVEs in the last two years.
- What is the average severity of rapid7's CVEs?
- The average CVSS base score across rapid7's scored CVEs is 6.4.
- How many critical CVEs has rapid7 published?
- rapid7 has published 48 critical-severity CVEs and 115 high-severity CVEs.
- Are any of rapid7's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 1 of rapid7's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in rapid7's CVEs?
- rapid7's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')).
- How does rapid7 rank among CNAs?
- By total CVE volume, rapid7 ranks #79 of 370 CNAs, and it reports more complete CVE records than 34% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track rapid7 CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.