Acunetix Premium - v.Security

Security checks

- Updated the vulnerability database (VDB) to version 20260203
- Added comprehensive JWT authentication bypass detection
   - High: JWT Signature Bypass via None Algorithm
   - High: JWT Signature is not Verified
   - High: JWT Signature Bypass via kid SQL injection
   - High: JWT Signature Bypass via kid Path Traversal
   - High: JWT Signature Bypass via unvalidated jwk parameter
   - High: Unvalidated JWT jku parameter
   - High: Unvalidated JWT x5u parameter
   - High: JWT Signature Bypass via unvalidated jku parameter
   - High: JWT Signature Bypass via unvalidated x5u parameter
   - High: JWT Signature Bypass via unvalidated x5c parameter
- Added authorization vulnerability detection
   - High: Horizontal Broken Function Level Authorization (BFLA)
   - High: Unauthenticated Access to Sensitive Functions
   - High: Horizontal IDOR/BOLA (Broken Object Level Authorization)
   - High: Vertical Broken Function Level Authorization (BFLA)
   - High: Vertical IDOR/BOLA (Broken Object Level Authorization)
- Added sensitive information exposure detection
   - High: API Sensitive Info(PII) accessible without authentication
   - Medium: Resource Accessible Without Required Authentication
- Added API inventory management checks
   - Medium: API Authentication Bypass Using a Test/Staging Host Header
- Added microservice security checks
   - High: Microservice Directory Traversal
- Added vulnerability detection for Java:
   - Medium: CVE-2026-21925
   - High: CVE-2026-21932
   - Medium: CVE-2026-21933
   - High: CVE-2026-21945
- Added vulnerability detection for Jetty:
   - High: CVE-2025-5115
- Added vulnerability detection for Joomla:
   - Medium: CVE-2025-63082
   - Medium: CVE-2025-63083
- Removed vulnerability detection for Liferay Portal:
   - CVE-2023-33944
- Added vulnerability detection for LimeSurvey:
   - Medium: CVE-2020-36993
   - High: CVE-2024-39063
   - Critical: CVE-2025-41375
   - Medium: CVE-2025-41376
- Added vulnerability detection for MySQL:
   - Medium: CVE-2026-21964
- Added vulnerability detection for Oracle:
   - High: CVE-2026-21939
- Added vulnerability detection for Oracle HTTP Server:
   - Critical: CVE-2026-21962
- Added vulnerability detection for osTicket:
   - High: CVE-2026-22200
- Added vulnerability detection for phpMyFAQ:
   - Medium: CVE-2026-24420
   - Medium: CVE-2026-24421
   - High: CVE-2026-24422
- Updated severity for Oracle 23.8 from Medium to High
- Updated severity for osTicket 1.17, 1.17.1, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.18 from Medium to High
- Added Zimbra Collaboration Suite (ZCS) Local File Inclusion check CVE-2025-68645