Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

Acunetix 360 On-Premises - v26.5.1

Security checks

  • CVE-2026-32933 remediation: Upgraded the AutoMapper library to remediate CVE-2026-32933, protecting your environment against the recently disclosed unbounded-recursion vulnerability.

Improvements

  • .NET 8 security patches in scanner/AV agent: Updated the .NET 8 SDK to the latest version to include Microsoft's newest security patches in the internal scanner/AV agent, keeping your agents protected against recently disclosed .NET vulnerabilities.
  • Incremental scan efficiency: Incremental scans now retest with the detection pattern only instead of re-running full attack payloads on unchanged content, so subsequent scans complete faster without behaving like full scans.

Resolved issues

  • GraphQL audit duplicate findings: The GraphQL Audit script now runs as an active check with a groupable signature, so unrelated payloads sent to GraphQL endpoints are no longer reported as separate "Introspection Query Enabled" findings.
  • Invite email protection: You can no longer change the invitee's email during team or account invitations, ensuring invitations always go to the correct, intended address.
  • Login & logout verification: The "Verify login & logout" button has been fixed, ensuring you can validate your authentication settings without interruption.

Verify the Hash value for package integrity in Acunetix 360 on-premises

The hash value for the "26.5.1.zip" file is 0294ABC6E3C7C03221323373F5CD95FAEA9632CBC2D2DC7A2711D768285D5ABA.

You can verify the integrity of the file by checking its hash value using one of the outlined methods:

PowerShell (Windows):

Get-FileHash -Path "26.5.1.zip" -Algorithm SHA256
Command Prompt (Windows):

certutil -hashfile "26.5.1.zip" SHA256
Linux or macOS:

sha256sum "26.5.1.zip"