A new Acunetix Premium update has been released for Windows and Linux: 15.0.221007170.

This Acunetix release introduces support for Red Hat Enterprise Linux (RHEL) 9, which was released earlier this year. The PHP IAST AcuSensor can now be used with web applications that use the PHP Slim Framework, and has been updated to report MongoDB injection and SSTI vulnerabilities. The CWE Top 25 Most Dangerous Software Weaknesses list has been updated to report on the top software weaknesses identified for 2022. This Acunetix update also includes a number of new vulnerability checks, updates, improvements, and product fixes.

Note: There will be no new updates for macOS on-premises installations. macOS users can switch to Acunetix Premium Online, or use Acunetix On-Premises in a virtual environment or on Docker.

New features

New vulnerability checks

  • Added a check for the Permissions-Policy header
  • Added a check for unrestricted access to Karma monitoring interface
  • Added a check for Go web application binary disclosure

Updates

  • SCA: Improved the detection of components used by Java web applications
  • Updated to Chromium v106.0.5249.61
  • Updated the PHP IAST AcuSensor to better support web applications that use the Slim Framework
  • Improved support for HTTP calls from Axios
  • Updated the list of CWE Top 25 Most Dangerous Software Weaknesses to include 2022 weaknesses
  • Scan results and scan reports will include the Acunetix version used to conduct the scan
  • Updated the PHP sensor to report MongoDB injections
  • Updated the PHP sensor to report server-side template injections (SSTI)
  • Improved the detection of default GraphQL introspection URLs
  • Implemented a heartbeat for connections between the scanner and the AcuSensor bridge
  • Multiple DeepScan updates
  • Improved the auditing of JavaScript libraries

Fixes

  • Fixed an issue which might cause blind SSRF in the issue tracker and proxy configuration
  • Fixed 3 authorization problems
  • Fixed a memory exhaustion bug in the heuristic links verifier
  • Fixed an issue where malware was being reported when Windows Defender reported invalid/unknown malware
  • Fixed some crashes in the scanner
  • Updated the network scans to not abort if the initial ICMP ping fails
  • Fixed an error when sending vulnerabilities to the Jira issue tracker
  • Fixed a UI error when filtering vulnerabilities by time
  • Various updates and fixes to the licensing logic

Upgrade to the latest build

If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

THE AUTHOR
Nicholas Sciberras
Principal Program Manager
As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.