2026.04


Announcements

  • Our ServiceNow integration will soon be deprecated, although it remains available for use. Horizon3 expects to release an enhanced ServiceNow integration in late May.

Features & Enhancements

Attack Path Visualization

  • Within pentest summaries, redesigned Sankey diagrams show a clearer flow from threat actors through to weaknesses, impacts, and business risks. We’ve added KEV badges on weaknesses that map to CISA Known Exploited Vulnerabilities, helping you quickly prioritize weaknesses actively exploited in the wild.

  • We’ve also made these diagrams more responsive across a wide range of screen sizes.


Client Assets Recovery

  • On the Portal’s Client Management page, admins can now schedule deletion of a client to return the client's allocation of scanned assets to the parent's pool in as few as 30 days. This replaces the prior 60-day hold, improving asset reuse and operational flexibility.

Pentest & Runner Operations

  • Added the ability to resume interrupted pentests directly from the pentest detail page.

  • Scheduled actions now automatically take precedence over active operations on runners, reducing manual intervention.

  • Users are now notified when operations fail to dequeue due to inactive runners.

  • Added protections against runner queue misordering caused by rapid user interaction.


External Attack Surface Management

  • Users can now create scheduled External Attack Discovery (EAD) operations directly from scope records, including automated template creation and lifecycle management.

Inventory & Data Export

  • Improved CSV export capabilities, including support for selected items, IP ranges, and scopes.

  • Enhanced inventory data with new fields such as last external domain and last host tab.

  • Added improved filtering and sorting support across inventory tables.


Vulnerability Management & Credential Insights

  • Improved handling of unverified credentials with clearer confidence indicators and filtering options.

  • Enhanced logic for identifying “no longer found” vulnerabilities with improved metadata tracking.


UX Improvements

  • Improved pentest table load performance by parallelizing data and pagination queries.

  • Added quick-select duration options for access grants to streamline common workflows.

  • Runner names remain accessible as links even after decommissioning for better historical analysis.

  • Clarified pentest removal messaging to reduce confusion around data retention.

  • Improved modal feedback and loading states across pentest actions.

  • Added confirmation dialogs for sensitive actions like archiving pentests.

  • Adjusted spinner sizing in icon buttons for consistency.

  • Fixed minor grammar and typo errors in Runner queue notification emails.


New Attack Content

  • cPanel and WHM Login Flow Authentication Bypass – CVE-2026-41940
    An authentication bypass vulnerability in the cPanel and WHM login flow that could allow unauthenticated attackers to gain unauthorized access to the system.

  • ManageEngine Log360 Authentication Bypass – CVE-2026-3324
    An authentication bypass vulnerability in ManageEngine Log360 that could allow unauthenticated attackers to bypass authentication mechanisms and access sensitive data.

  • Fortinet FortiClient EMS Improper Access Control – H3-2026-0012
    An improper access control vulnerability in Fortinet FortiClient EMS that could allow an attacker to bypass intended access restrictions and perform unauthorized actions.

  • Fortinet FortiClient EMS SQL Injection – CVE-2026-21643
    A SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute arbitrary SQL queries against the underlying database.

  • Cisco Smart Software Manager On-Prem Arbitrary Command Execution – CVE-2026-20160
    A vulnerability in Cisco Smart Software Manager On-Prem that could allow an unauthenticated attacker to execute arbitrary commands on the affected system.

  • Apache ActiveMQ Jolokia Remote Code Execution – H3-2026-0008 / CVE-2026-34197
    A remote code execution vulnerability in Apache ActiveMQ Jolokia that could allow an attacker to execute arbitrary code on the target server.

  • Fortinet FortiClient EMS Improper Access Control – CVE-2026-35616
    An improper access control vulnerability in Fortinet FortiClient EMS that could allow an attacker to bypass intended access restrictions.

  • DNS Hostname Enumeration
    Added support for domain-joined Linux machines to have their DNS hostnames properly enumerated during internal operations.

  • OCI User Permission Enumeration
    Added a new module for enumerating Oracle Cloud Infrastructure (OCI) user permissions.


Platform Performance & Stability

  • Improved portal and dashboard performance, including faster loading for RBVM-related views.
  • Reduced perceived latency by optimizing data loading and query execution across key tables and dashboards.

Bug Fixes

  • Fixed a bug in ADCS (Active Directory Certificate Services) modules that caused them to fail for certain Certificate Authorities.

  • Resolved a bug that caused findings to be missed if web endpoints returned a non-success HTTP response (a status code outside the 2xx and 3xx ranges).

  • Fixed external scanning logic to properly detect non-standard ports.

  • Fixed Content Security Policy headers to properly support co-branded deployments.

  • Corrected date preset calculations for access grant durations so that "end of week" covers through Sunday and "end of month" covers through the final day of the month.


Federal

Users of NodeZero Federal might experience a 1–2 week delay in the availability of some features, Attack Content, or bug fixes.