April 2, 2026 ASM Discovery Engine Release

Attack Surface Management Discovery Engine release v2026.04.02

This Attack Surface Management Discovery Engine release includes:

Bug Fixes

  • Adjusted version check for CVE-2019-5513 - VMware Horizon - Information Leak

Vulnerability Checks

  • Added Argo Workflows - Lack of Authentication
  • Added CVE-2025-68645 - Zimbra Collaboration Suite - Local File Inclusion
  • Added CVE-2026-23760 - SmarterTools SmarterMail - Authentication Bypass
  • Added CVE-2026-24423 - SmarterTools SmarterMail - Remote Code Execution
  • Added CVE-2023-6933 - Better Search Replace < 1.4.5 - PHP Object Injection
  • Added CVE-2025-59718 / CVE-2025-59719 - Fortinet FortiOS - Authentication Bypass
  • Added CVE-2026-21962 - Oracle WebLogic Server Proxy Plug-In - Unauthenticated Remote Code Execution
  • Added CVE-2025-34026 - Versa Concerto Actuator Endpoint - Authentication Bypass
  • Added CVE-2023-6549 - Citrix NetScaler ADC/Gateway - Out-of-Bounds Memory Read
  • Added CVE-2025-49533 - Adobe Experience Manager Forms - Insecure Deserialization
  • Added CVE-2025-40551 - SolarWinds Web Help Desk < 2026.1 - Deserialization RCE
  • Added CVE-2025-31125 - Vite Development Server - Path Traversal
  • Added CVE-2026-20045 - Cisco Unified Communications - Remote Code Execution
  • Added CVE-2023-34990 - Fortinet FortiWLM - Directory Traversal
  • Added CVE-2021-1472 - Cisco Small Business RV Series - OS Command Injection
  • Added CVE-2025-13390 - Wordpress WP Directory Kit Plugin - Authentication Bypass
  • Added CVE-2025-13342 - WordPress Frontend Admin Plugin - Privilege Escalation
  • Added CVE-2025-64155 - Fortinet FortiSIEM - Unauthenticated RCE
  • Added CVE-2026-24061 - GNU Inetutils telnetd - Authentication Bypass
  • Added CVE-2021-43062 - Fortinet FortiMail - Reflected XSS
  • Added CVE-2026-21858 - n8n Webhooks - Remote Code Execution
  • Added CVE-2025-52691 - SmarterMail - Unrestricted File Upload

Technology Fingerprints

  • Added Versa Concerto technology fingerprint
  • Added WordPress "Better Search Replace" plugin technology fingerprint
  • Added Cisco Unity Connection technology fingerprint
  • Added Adobe Experience Manager (AEM) Forms technology fingerprint
  • Added Argo Workflows technology fingerprint
  • Added n8n technology fingerprint
  • Added Cisco VPN Routers technology fingerprint
© Copyright Mandiant. All rights reserved
  • First Published: April 2, 2026
  • Last updated: April 2, 2026
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.