2026.01


Features & Enhancements

Vulnerability Management Hub (VMH)

  • New System Status: Added a "No Longer Found" status to improve tracking of remediated vulnerabilities over time.
  • Enhanced Table Controls: Added the ability to sort the vulnerability management table by Host and Weakness ID.
  • Advanced Filtering: Users can now filter the table by Downstream Impacts, providing better visibility into how specific weaknesses contribute to larger attack paths.
  • Security Posture Assessment: Improved the filtering and context for security posture assessment text, including extended link coverage and refined filter logic.

Platform & Usability Enhancements

  • NodeZero Federal: External attack capabilities are now enabled for all NodeZero Federal environments.
  • Asset Intelligence: The Assets page now supports unique asset attributes, allowing users to customize columns to match the flexibility of the Pentests page.
  • Palo Alto Cortex XSOAR Integration: Added the fetch-incidents command to the integration, enabling the automated retrieval of NodeZero-discovered weaknesses into XSOAR.
  • Runner Management:
    • Improved Docker image cleanup logic to run prior to disk-space checks, preventing unnecessary update failures.
    • Enhanced environment checks to detect and notify users of incompatible ARM architectures.
  • API & Integrations:
    • Extended authorization roles to allow the USER role to access subclient account endpoints.
    • Updated GraphQL documentation to include the agents_page property, detailing how to expose multiple runners for parent accounts.

New Attack Content

  • WatchGuard Fireware OS (CVE-2025-14733): An out-of-bounds write vulnerability that could allow an unauthenticated attacker to achieve remote code execution (RCE).
  • MongoDB Information Disclosure (CVE-2025-14847): Also known as "MongoBleed," this vulnerability allows unauthorized access to sensitive system information.
  • SmarterTools SmarterMail (CVE-2025-52691): An unauthenticated file upload vulnerability that can be exploited to gain unauthorized access or execute code on the mail server.
  • Enhancesoft osTicket (CVE-2026-22200): A PHP filter chain injection vulnerability that allows for remote code execution.
  • Fortinet FortiSIEM (CVE-2025-64155): An arbitrary file write vulnerability that allows unauthenticated attackers to achieve remote code execution on affected systems.
  • HPE OneView (CVE-2025-37164): A remote code execution vulnerability in HPE’s infrastructure management software; currently listed on the CISA KEV catalog.
  • ManageEngine ADSelfService Plus (CVE-2025-11250): An authentication bypass vulnerability that could allow attackers to gain unauthorized access to the self-service portal.
  • Samsung MagicINFO 9 Server (H3-2026-0001): Coverage for directory traversal and remote code execution vulnerabilities in the digital signage management platform.
  • SolarWinds Web Help Desk (CVE-2025-40551): A remote code execution vulnerability affecting help desk instances.

Platform Performance & Stability

  • AD Password Audit Optimization: Improved performance and accuracy of Active Directory password audits by correcting partial reporting issues with cracked hashes.
  • Data Pipeline Reliability: Resolved onboarding failures for customers using tenant-specific databases within the insights module.

Bug Fixes

  • AD Password Audit: Fixed an issue where successfully cracked password hashes were occasionally missing from the results page.
  • PDF Reporting: Resolved several PDF generation bugs, including incorrect page numbering, missing Table of Contents links, and character rendering issues.
  • Authorization Handling: Fixed 403 errors that occurred for read-only accounts attempting to access integration settings or when users navigated the portal before permissions were fully synchronized.
  • Account Management:
    • Fixed a bug where the Assets Allocated field would default to zero instead of pre-populating with existing values.
    • Ensured child accounts correctly inherit asset-based licensing status from their parent accounts.

Federal

Users of NodeZero Federal might experience a 1–2 week delay in the availability of some new features, Attack Content, or bug fixes.