March 23, 2026

Summary

Use the new Censys for Splunk SOAR and Censys for Splunk Platform integrations to enhance your SOC workflows with Censys data enrichment and playbook actions.
Two new Censys ARC Rapid Response advisories for pre-authentication RCE vulnerability in GNU Inetutils Telnetd [CVE-2026-32746] and Ubiquiti UniFi network application remote path traversal vulnerability [CVE-2026-22557].
The name of the "Explore Threats" page in the Platform UI has been changed to "Tracked Threats."
Added one new fingerprint for NetBox and two new ASM risks.

Platform

Use the new Censys for Splunk SOAR and Censys for Splunk Platform integrations to enhance your SOC workflows with Censys data enrichment and playbook actions.
- These integrations include several ad hoc enrichment actions for hosts, web properties, and certificates that can be used on an ad hoc basis or used for automated enrichment.
- Watch this video to learn more about how to use the Splunk SOAR application.
The name of the "Explore Threats" page in the Platform UI has been changed to "Tracked Threats."

Rapid Response

The Censys Rapid Response team published information about and queries for the following issue.

March 18 Advisory: Pre-Authentication RCE Vulnerability in GNU Inetutils Telnetd [CVE-2026-32746]
- The following queries can be used to identify exposed instances. Not all of these services are necessarily vulnerable.
March 19 Advisory: Ubiquiti UniFi Network Application Remote Path Traversal Vulnerability [CVE-2026-22557]
- The following queries can be used to identify exposed instances. Not all of these services are necessarily vulnerable.

New fingerprints

Added the following fingerprints.

Note that new ASM risk fingerprints may be disabled by default in your workspace. Reference your risk type configuration in the ASM web console to review new risk types.

Type	Name	Description	Query
hardware	NetBox	NetBox is an open-source DCIM and IPAM tool for managing network infrastructure.	Platform query
risk	Exposed FortiAnalyzer Application	An HTTP service is exposing a Fortinet FortiAnalyzer application. FortiAnalyzer is a centralized logging and reporting solution that aggregates security and traffic data from FortiGate and other Fortinet devices. Exposing this management interface to the internet can allow unauthorized access to sensitive network and security analytics.	ASM risk query: `risks.name: "Exposed FortiAnalyzer Application"`
risk	Exposed NetBox Application	A NetBox application is exposed to the internet. NetBox is a DCIM and IPAM tool that manages network infrastructure, IP allocations, and device inventories. Exposure may allow unauthorized access to sensitive network topology and infrastructure data.	ASM risk query: `risks.name: "Exposed NetBox Application"`

Type

Name

Description

Query

hardware

NetBox

NetBox is an open-source DCIM and IPAM tool for managing network infrastructure.

Platform query

risk

Exposed FortiAnalyzer Application

An HTTP service is exposing a Fortinet FortiAnalyzer application. FortiAnalyzer is a centralized logging and reporting solution that aggregates security and traffic data from FortiGate and other Fortinet devices. Exposing this management interface to the internet can allow unauthorized access to sensitive network and security analytics.

ASM risk query:

risks.name: "Exposed FortiAnalyzer Application"

risk

Exposed NetBox Application

A NetBox application is exposed to the internet. NetBox is a DCIM and IPAM tool that manages network infrastructure, IP allocations, and device inventories. Exposure may allow unauthorized access to sensitive network topology and infrastructure data.

ASM risk query:

risks.name: "Exposed NetBox Application"