Released: Apr 28, 2026

Updates in Server and Console 2026.1.15.0

Features

Server

• CVE-2026-6706 Core - Added missing authorization check to prevent unauthorized access to handbook pages.
• Core - Renamed Read-Only and Restricted user types to Legacy and removed Read-Only from default user templates.
• Web - Updated third-party dependencies to address security issues, including a reported lodash vulnerability.

Console

• Made minor updates.

Fixes

Server

• Core - Allowed CyberArk entries to be saved without a username when using OIDC authentication.
• Core - Fixed the Buy a License flow so licenses can be purchased and retrieved properly.
• Core - Prevented permission set changes from being lost when saving after navigation.
• Core - Resolved issue preventing administrators from removing user subscriptions.
• Web - Ensured Reset Password prompt appears above Emergency Login prompt.
• Web - Fixed Hide/Reveal behavior on sensitive fields after table sorting.
• Web - Hid unsupported System Dashboard options in Customize Layout dialog for restricted vaults.