May 26, 2026
about 1 hour ago
Summary
- Added a Related Assets discovery feature from all asset details pages.
- Added 8 new fingerprints to the Platform and 1 new risk fingerprint to ASM.
Platform
- A new Related Assets tab is now available from all asset pages for users to see other assets that are related to the current asset they are viewing. This functionality searches across data like hostnames, DNS names, IP addresses, and certificates to find the infrastructure the asset is hosted on, used in, and more.
New fingerprints and risks
Added the following fingerprints and risks.
Note that new ASM risk fingerprints may be disabled by default in your workspace. Reference your risk type configuration in the ASM web console to review new risk types.
New fingerprints
| Type | Name | Description | Query |
|---|---|---|---|
| hardware | Beck IPC Chip | Embedded microcontroller module with TCP/IP networking for industrial OEM devices. | Platform query |
| hardware | Hikvision IP Camera | Hikvision network-connected surveillance camera. | Platform query |
| software | Drupal CMS | Open-source PHP content management system. | Platform query |
| software | Kubernetes ingress-nginx Controller | Official NGINX-based Ingress controller for Kubernetes clusters. | Platform query |
| software | Kafdrop | Open-source web UI for browsing and monitoring Apache Kafka. | Platform query |
| software | Kibana | Elastic's data visualization and dashboard platform for Elasticsearch. | Platform query |
| software | perfSONAR | Network performance measurement toolkit for research and education networks. | Platform query |
| OS | FNOS | Embedded Linux OS powering FnNAS network-attached storage devices. | Platform query |
New risks
| Name | Description | Query |
|---|---|---|
| Vulnerable Drupal [CVE-2026-9082 / SA-CORE-2026-004] | This is a service running a version of Drupal that may be vulnerable to CVE-2026-9082 (SA-CORE-2026-004), a critical SQL injection flaw in the database abstraction API affecting sites using PostgreSQL. An unauthenticated attacker can craft a request to perform arbitrary SQL injection, leading to data theft, privilege escalation, or remote code execution. | risks.name:Vulnerable Drupal [CVE-2026-9082 / SA-CORE-2026-004] |