vPenTest release notes: June 2, 2026
Our latest release includes enhancements, bug fixes, and security improvements.
Enhancements
A4 format for reports
Reports can now be generated and downloaded in A4 paper format. Users in EMEA and other regions that use A4 as the standard page size can print reports without layout or formatting issues. To use A4 format, select it from the report format options before generating or regenerating a report.
Improved IP address input when scheduling assessments
The IP address input box on the assessment scheduler now displays its label as static text above the field rather than as placeholder text inside it. The guidance text has also been updated to reflect standard CIDR notation more accurately. This change makes it easier to enter IP ranges without losing context about the expected format.
Safer agent deletion with rollback support
Deleting an agent now uses transactional processing, so if any step in the deletion fails, all related changes are rolled back automatically. Previously, a partial failure could result in assessments being removed while the agent remained, leaving data in an inconsistent state. Users can now delete agents with confidence that the operation either completes fully or leaves everything unchanged.
Automatic cleanup of inactive internal agents
Internal agents that have been offline or unregistered for 180+ days are now automatically removed to keep your agents list clean. Email notifications are sent 30 days and 1 day before removal so you can take action if needed.
Improved host identification in scan results
OS version, DNS name, and Active Directory domain are now detected through RDP scanning, providing richer and more accurate host identification in your reports.
Better DNS finding readability
Evidence shown for Missing SPF and Missing DMARC findings is now more concise and easier to read.
Fixes
- IP pool counts now reset correctly on the first of each month. Previously, some accounts displayed incorrect reset dates and inaccurate IP usage totals due to failed monthly and yearly reset operations.
- Internal IPs are no longer incorrectly counted against a partner's usable IP pool. Previously, some accounts saw a portion of their IP allocation listed as in-use with no corresponding assignment, reducing the IPs available for assessments.
- The dashboard now displays the correct remaining IP count for active subscriptions.
- Bonus IPs are now included when the system checks whether an assessment has enough IPs to run. Previously, assessments were halted even when a user had sufficient IPs once bonus allocations were counted.
- HTML tags are no longer included in the narrative field of API payload responses. Previously, consumers of the API received raw markup in narrative text, making the data difficult to use without additional parsing.
- EMEA agents are now correctly assigned to EMEA-region infrastructure. Previously, an issue caused EMEA-region internal agents to receive US-region AWS instances, which prevented those assessments from running.
- Certain Windows Server hosts that were incorrectly identified as Windows 10 only are now correctly attributed to both Windows 10 and their corresponding Windows Server edition.
- Passwords recovered via Kerberos-based attacks are now correctly flagged as weak credentials, matching the existing behavior for SMB-based password attacks.
- A rare scenario where a finding could be created with incomplete data has been resolved. Findings are now only created when a valid template exists.