
2026.03


Features & Enhancements

Rapid Response & Alerting Improvements

  • Rapid Response alert emails now include account context (account name, Rapid Response name, and associated weakness IDs) for organizations with parent/subclient structures, improving clarity in multi-tenant environments.
  • Simplified the Rapid Response selection UI when configuring pentests.

Tripwires Enhancements

  • Added the ability to export all Tripwire data to CSV, including key metadata such as name, type, file path, monitored processes, status, and deployment date.
  • Tripwire jobs now support Active Directory credential validation against domain-joined systems.
  • Introduced a new utility to assist in rotating service account passwords.

Threat Actor Intelligence Expansion

  • Threat Actor Intelligence features are temporarily extended to Pro and Core tier accounts, to assist a broader range of customers in defending against increased geopolitical cyber threats.

ServiceNow Vulnerability Response (VR) Integration

  • Full Synchronization Pipeline – Launched a robust integration with ServiceNow VR. This includes full field mapping, connection testing, and durable asset UUIDs to ensure consistent tracking between Horizon3 and ServiceNow.

Security & Data Protection

  • FedRAMP & Security Controls – Users of NodeZero Federal are now warned when sensitive data leaves the Portal. Implemented a Content Security Policy (CSP) header for enhanced web security.
  • We now enforce stricter SSO-only access where SSO is configured.
  • We now exclude deleted accounts during sign-in resolution.

New Attack Content

  • Cisco Catalyst SD-WAN – CVE-2026-20127
    Coverage for vulnerabilities in Cisco Catalyst SD-WAN Manager and Controller that could allow an unauthenticated, remote attacker to gain unauthorized access to the affected systems.
  • Cisco Secure Firewall Management Center (FMC) – CVE-2026-20079 & CVE-2026-20131
    Detection and targeted testing for authentication bypass and unauthenticated remote code execution (RCE) vulnerabilities in the Cisco FMC web-based management interface.
  • NetScaler ADC & Gateway – CVE-2026-3055
    Detection for a memory overread vulnerability in Citrix NetScaler when configured as a SAML Identity Provider, which could lead to the disclosure of sensitive information.
  • GeoServer XPath Injection – CVE-2024-36404
    Added an exploit module for a critical RCE vulnerability in GeoServer where unauthenticated users can execute arbitrary code via specially crafted XPath expressions.
  • Argo Workflows – CVE-2026-28229
    Introduced version detection and metrics for a vulnerability in Argo Workflows that could impact cluster security.
  • SSH ControlMaster Hijack – H3-2026-0007
    New attack module targeting the abuse of SSH ControlMaster sockets, which can allow an attacker to hijack existing SSH sessions without requiring credentials.
  • ADCS ESC11 Support – Added support for the ESC11 attack path within Active Directory Certificate Services (ADCS), expanding NodeZero's ability to identify credential theft and privilege escalation via web enrollment.
  • LiteLLM Supply Chain Attack – Rapid Response coverage and customer notifications regarding the BerriAI LiteLLM credential stealer supply chain vulnerability.

Platform Performance & Stability

  • Improved GraphQL service connection handling to reduce latency and prevent degradation under high load.
  • Optimized query performance and pagination for large datasets across multiple services.
  • Fixed issues with background job processing and scheduling reliability.

Reliability Enhancements

  • Improved host discovery reliability and stability during large-scale operations.
  • Enhanced asset processing pipelines to prevent data inconsistencies and stuck operations.
  • Fixed issues affecting scheduled and template-based pentest execution.

Usability Enhancements

  • Runner Detail Upgrades – Added a new Schedules tab to the Runner detail page, allowing users to view all pentest schedules associated with a specific runner.
  • Advanced Command Filtering – Improved the Agent Commands view with pagination controls and faceted filtering by exit status, enabling more efficient analysis of runner activity.

Bug Fixes

  • Fixed CSV export failures caused by backend processing errors.
  • Resolved a bug where co-branding settings were overwritten during account synchronization.
  • Corrected issues with external asset discovery search and unreachable IP filtering.
  • Fixed duplicate and inconsistent results in credential and asset queries.
  • Resolved incorrect asset usage percentage calculations.
  • Fixed errors affecting scheduled and templated pentests.
  • Addressed issues with NodeZero launch scripts, including timezone handling and EDR detection.
  • Improved password and hash sanitization across multiple attack modules.
  • Fixed incorrect operating system detection in certain network scan scenarios.
  • Resolved issues with SCCM enumeration and LDAP binding behavior.
  • Fixed false-positive findings in password reuse detection.
  • Corrected UI issues including a flashing 404 page during login, incorrect footer colors in light mode, and broken spinner loaders on certain buttons.
  • Fixed authentication and access control edge cases, including SSO enforcement and account routing.
  • Resolved issues affecting asset pipeline processing, including missing data and duplicate records.
  • Fixed issues with bulk email handling to improve privacy and delivery behavior.

New Trial Accounts

To initiate product trials, Horizon3.ai now asks that you contact our Sales team. You can do so via the See a Demo or Speak with an Expert links on the horizon3.ai site.


Federal

Users of NodeZero Federal might experience a 1–2 week delay in the availability of some features, Attack Content, or bug fixes.