Main Vulnerability Database Exploits ID:12748 - Exploit for Insufficient entropy in Nexpose and InsightVM - CVE-2026-1814

ID:12748 - Exploit for Insufficient entropy in Nexpose and InsightVM - CVE-2026-1814

Published: May 22, 2026

Vulnerability identifier: #VU122640

Vulnerability risk: Low

CVE-ID: CVE-2026-1814

CWE-ID: CWE-331

Exploitation vector: Local access

Vulnerable software:
Nexpose
InsightVM

Link to public exploit:

https://github.com/pbrass/CVE-2026-1814

Vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient entropy in within the CredentialsKeyStorePassword.generateRandomPassword() method when updating legacy keystore passwords. The application generates a weak password of 7-12 characters and a static prefix 'p'. A local user with access to the nsc.ks file can brute-force this password.

Remediation

Install updates from vendor's website.

ID:12748 - Exploit for Insufficient entropy in Nexpose and InsightVM - CVE-2026-1814

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human