Update

Release v26.5.0​

Release date: 12 May 2026

Improvements​

• Single browser scan setting: Single browser mode is now controlled from the scan policy under Browser settings, so you can switch between single-browser and multi-browser scanning per policy instead of toggling it globally.

Resolved issues​

• Smart card and Microsoft login authentication: Certificate-based (Smart Card) authentication now works again in the Invicti Standard embedded browser, so Microsoft login flows that depend on client certificates no longer fail with a protocol error mid-redirect.
• User-edited report policy sections preserved on upgrade: Your customizations to CWE values and vulnerability template sections in report policies are no longer overwritten during version upgrades, so you don't lose tuning work each time you upgrade.
• Crawl and Wait pauses for manual crawling: When "Crawl and wait" is enabled, the scan now pauses after the crawl phase and exposes a Manual crawling & proxy action, so you can complete manual crawling before the attack phase begins.

Update

Release v26.3.0​

Release date: 10 March 2026

New features​

• Added OWASP Top 10 2025 classification and reporting support
• Implemented OWASP Top 10 2025 classification in Report Policies

Improvements​

• Implemented VDB update for auth verifier agent
• Improved Web Cache Deception detection accuracy and refined the response validation logic to handle authentication edge cases

Resolved issues​

• Improved the generation of preference files for client certificate usage in the browser
• Fixed an issue that occurred when exporting scan data from Invicti Standard to Invicti Enterprise while OAuth was enabled
• Fixed an issue where some nodes were missing in the Knowledge Base under specific scan conditions