Rapid responses
runZero’s Rapid Response program provides immediate detection and notification of emerging threats. Each Rapid Response includes a query to find matching assets, a trigger to analyze all inventories for exposure, and a corresponding blog post with the details of the issue. This program focuses on helping customers mitigate exposures before compromise.
Vulnerabilities covered by the Rapid Response program are replaced by more specific coverage as mitigations become available.
Latest Rapid Responses
| Date | Name | Type | Severity | Query | US SaaS Link | EU SaaS Link |
|---|---|---|---|---|---|---|
| 03/17/2026 | Rapid Response: CraftCMS (CVE-2026-32267) | software | Info | vendor:=CraftCMS AND product:="Craft CMS" | Link | Link |
| 03/13/2026 | Rapid Response: Potential GNU Inetutils telnetd Pre-Auth RCE (2026-03) | services | Info | _asset.protocol:=telnet AND protocol:=telnet AND os:Linux AND banner:="%login:" AND NOT (type:device OR type:"ip camera" OR type:"ip phone" OR banner:busybox) | Link | Link |
| 03/12/2026 | Rapid Response: Veeam Backup & Replication Multiple Vulnerabilities (2026-03) | software | Info | vendor:=Veeam AND (product:="Backup & Replication" OR product:="Veeam Backup & Replication") | Link | Link |
| 03/11/2026 | Rapid Response: HPE Aruba Networking AOS-CX Multiple Vulnerabilities (2026-03) | assets | Info | hw:="HPE Aruba CX%" AND protocol:http | Link | Link |
| 03/10/2026 | Rapid Response: Gogs Cross-Repository LFS Object Overwrite Vulnerability (CVE-2026-25921) | software | Info | vendor:=Gogs AND product:=Gogs | Link | Link |
| 03/09/2026 | Rapid Response: Nginx UI Unauthenticated Backup Download With Encryption Key Disclosure (CVE-2026-27944) | services | Info | _asset.protocol:=http AND protocol:=http AND favicon.ico.image.mmh3:="-1565173320" | Link | Link |
| 03/05/2026 | Rapid Response: Cisco Secure Firewall Management Center Multiple Vulnerabilities (2026-03) | assets | Critical | os:="Cisco FMC%" AND os_version:>0 AND ((os_version:>="6.4.0.13" AND os_version:<="6.4.0.18") OR (os_version:>="7.0.0" AND os_version:<"7.0.9") OR (os_version:>="7.1.0" AND os_version:<"7.2.11") OR (os_version:>="7.3.0" AND os_version:<"7.4.6") OR (os_version:>="7.6.0" AND os_version:<"7.6.5") OR (os_version:>="7.7.0" AND os_version:<"7.7.12") OR (os_version:="10.0.0")) | Link | Link |
| 02/27/2026 | Rapid Response: Junos OS Evolved: PTX Series: CVE-2026-21902 | assets | Info | os:="Juniper Junos OS Evolved" AND ((os_version:>="25.4R1-EVO" AND os_version:<"25.4R1-S1-EVO") OR (os_version:>"25.4R1-S1-EVO" AND os_version:<"25.4R2-EVO")) | Link | Link |
| 02/25/2026 | Rapid Response: Cisco Catalyst SD-WAN Controller & Manager Authentication Bypass (CVE-2026-20127) | assets | Info | hw:="Cisco vManage" OR os:="Cisco Viptela OS" | Link | Link |
| 02/19/2026 | Rapid Response: Grandstream GXP1600 Series VoIP Phone RCE (CVE-2026-2329) | assets | Critical | hw:="Grandstream GXP16__" AND (os_version:>0 AND os_version:<"1.0.7.81") | Link | Link |
| 02/18/2026 | Rapid Response: Dell RecoverPoint For Virtual Machines (CVE-2026-22769) | assets | Info | hw:="RecoverPoint for Virtual Machines" OR os:="EMC RecoverPoint" OR hw:="EMC RecoverPoint" | Link | Link |
| 02/09/2026 | Rapid Response: BeyondTrust Remote Support & Privileged Remote Access RCE (CVE-2026-1731) | services | Info | _asset.protocol:=http AND protocol:=http AND (product:="BeyondTrust Remote Support" OR product:="BeyondTrust Privileged Remote Access") AND _service.product:beyondtrust | Link | Link |
| 02/03/2026 | Rapid Response: Detected K8S Ingress-NGINX Instance | services | Info | (_asset.protocols:tls AND protocol:tls AND tls.issuer:="O=nil1" AND tls.subject:="O=nil2" AND tls.names:"%nginx%") | Link | Link |
| 02/02/2026 | Rapid Response: OpenClaw One-Click RCE Via Authentication Token (CVE-2026-25253) | software | Info | vendor:=OpenClaw product:=OpenClaw | Link | Link |
| 01/29/2026 | Rapid Response: Ivanti Endpoint Manager Mobile Multiple RCE (2026-01) | software | Info | vendor:=Ivanti AND product:="Endpoint Manager Mobile" | Link | Link |
| 01/28/2026 | Rapid Response: SolarWinds Web Help Desk Multiple Vulnerabilities (2026-01) | software | Info | vendor:=SolarWinds AND product:="Web Help Desk" | Link | Link |
| 01/27/2026 | Rapid Response: Multiple Fortinet Products Authentication Bypass (CVE-2026-24858) | assets | Info | os:="Fortinet FortiAnalyzer" OR hw:="Fortinet FortiManager" OR os:="Fortinet FortiProxy" OR (os:="Fortinet FortiOS" AND os_version:>0 AND ((os_version:>="7.0.0" AND os_version:<="7.0.18") OR (os_version:>="7.2.0" AND os_version:<="7.2.12") OR (os_version:>="7.4.0" AND os_version:<="7.4.10") OR (os_version:>="7.6.0" AND os_version:<="7.6.5"))) | Link | Link |
| 01/22/2026 | Rapid Response: Cisco Unified Communications Manager Remote Code Execution (CVE-2026-20045) | software | Info | vendor:=Cisco AND product:="Unified Communications Manager" | Link | Link |
Updated