April 13, 2026
Summary
- Use reputation scores in the Censys Platform to quickly determine the potential risk associated with hosts, validated by transparent evidence in the Censys dataset.
- One new Censys ARC Rapid Response advisory for an improper access control vulnerability in Fortinet FortiClient EMS [CVE-2026-35616].
- Added new fingerprints for handlebars.js and several SIP and VoIP services.
- Added two new ASM risk fingerprints for vulnerable Handlebars.js [CVE-2026-33937] and vulnerable FortiClient EMS [CVE-2026-35616].
Platform

An example host and its reputation score shown in the Platform UI.
- Use reputation scores in the Censys Platform to quickly determine the potential risk associated with hosts, validated by transparent evidence in the Censys dataset. This score enables you to prioritize alerts with IP indicators faster and perform triage and analysis more effectively with a transparent and consistent scoring methodology.
- Reputation scores and their attendant data are only available to Censys Enterprise users. Additional score context data is available to Censys Enterprise users with access to the Adversary Investigation module. See the documentation for more information.
Censys ARC Rapid Response
The Censys ARC team published information about and queries for the following issue.
- April 7 Advisory: Improper Access Control Vulnerability in Fortinet FortiClient EMS [CVE-2026-35616]
  - The following queries can be used to identify exposed instances. Not all of these services are necessarily vulnerable.
New fingerprints and risks
Added the following fingerprints and risks.
Note that new ASM risk fingerprints may be disabled by default in your workspace. Reference your risk type configuration in the ASM web console to review new risk types.
New fingerprints
| Name | Description | Query |
|---|---|---|
| handlebars.js | This asset embeds the Handlebars.js JavaScript templating library. | Platform query |
| Cisco Expressway | Cisco Expressway is a collaboration gateway that provides firewall-traversal technology for voice, video, content, and instant messaging. | Platform query |
| Sangoma Asterisk | Sangoma Asterisk is an open-source communications framework for building Voice over Internet Protocol Private Branch Exchange (VoIP PBX) systems, voicemail, and conferencing. | Platform query |
| Sangoma Certified Asterisk | Sangoma Certified Asterisk is a specialized version of Asterisk designed for enterprise environments requiring high reliability and support. | Platform query |
| Sangoma FreePBX | FreePBX is a web-based open-source GUI for controlling and managing Asterisk. | Platform query |
| STARFACE | STARFACE is a Session Initiation Protocol (SIP) trunking service and IP-based telephony solution. | Platform query |
| Wildix Media Gateway | Wildix Media Gateway is a device that bridges traditional telephony lines (analog, PRI, BRI, GSM/LTE) with the Wildix VoIP PBX system. | Platform query |
New ASM risks
| Name | Description | Query |
|---|---|---|
| Vulnerable Handlebars.js [CVE-2026-33937] | This service is using a version of Handlebars.js (4.0.0–4.7.8) vulnerable to CVE-2026-33937, a critical server-side remote code execution vulnerability. Handlebars.compile() emits the value field of a NumberLiteral AST node directly into generated JavaScript without sanitization. An attacker who controls the AST passed to compile() can inject and execute arbitrary JavaScript in any Node.js application that passes user-controlled input to compile(). | ASM risk query: |
| Vulnerable FortiClient EMS [CVE-2026-35616] | This is an exposed FortiClient EMS instance prone to an improper access control vulnerability that could allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | ASM risk query: |
