Released: Jun 1, 2026

Server and Console 2026.1.20.0 での更新項目

不具合の修正

Server

• [CVE-2026-9522] PAM - Fixed an access control issue affecting account discovery scan configurations.
• [CVE-2026-9590] Core - Fixed a permission issue that could allow asset sections to be modified through the API without proper authorization.
• Core - Fixed synchronizers running against sealed credentials without prompting for unsealing first.
• Core - Fixed an error that prevented starting a trial when an invalid email address was entered.
• Core - Fixed sign-in issues when using Entra App Proxy with MFA and pre-authentication enabled.
• PAM - Fixed a regression where the OTP field was not displayed for checked-out accounts using inherited OTP settings.
• Web - Fixed the Clipboard Privacy warning dialog's "Do not show again" option not being respected.
• Web - Fixed trailing spaces being saved in Tags and Notification Subscription exact-match filters.

Console

• Core - Fixed the inability to edit additional access URIs in the Kestrel configuration.