vPenTest release notes: May 19, 2026

Our latest release includes a new feature, enhancements, bug fixes, and security improvements.

New feature

Clean Assessment Certificate

When an external network penetration test concludes with an overall severity rating of Informational for both pentesting findings and vulnerability findings, vPenTest now automatically appends a Clean Assessment Certificate to the end of the Executive Summary report. The certificate dynamically populates the company name, location (when applicable), and date of assessment from the scheduled assessment details. This gives partners and end customers a shareable, single-page attestation confirming that no significant vulnerabilities were identified during the assessment.

Enhancements

Autotask integration: Clearer status when authentication expires

When an Autotask integration becomes inactive due to an expired or revoked authentication token, the integration toggle now reflects the inactive state and surfaces a notification prompting you to re-authenticate.

Dark Web ID and VulScan integrations: Full organization list in mapping drop-down menu

The organization mapping drop-down menu on the Dark Web ID and VulScan integration configuration pages now loads all available organizations rather than stopping at the first 25. Partners with large organization counts can now map integrations without needing to rename or reorder organizations to bring them within the visible limit.

API: Report and assessment enrichment

The v3 API now exposes two new endpoints that give partners programmatic access to assessment data previously available only inside downloaded reports. The AssessmentPhase endpoint returns the current phase of any assessment, enabling automated tracking of progress through the testing lifecycle. The EvidenceDetails endpoint returns structured data, including tested IPs, domains, DNS findings, and host discovery results, so partners can build analytics and compliance workflows without parsing evidence ZIP files.

Fixes

Downloading supporting evidence from a completed assessment report no longer returns an invalid or expired link error. The root cause was a mismatch between the file path stored in the database and the actual path used in storage after a naming convention change. Legacy path names are now handled correctly.
The Autotask integration authentication step no longer returns a timeout error for partners with a large number of organizations. The fix increases the per-query organization limit so that the authentication completes within the expected timeout window.
An issue that prevented users from removing an existing organization mapping from the Autotask, Dark Web ID, or VulScan integrations has been resolved.
Previously saved integration mapping is now displayed as expected in the mapping step when you return to edit integration settings for the Dark Web ID and VulScan integrations.
An issue that produced a 500 error when logging out of the portal has been resolved.
A blank-page issue that prevented the application from loading on Safari for macOS after authentication has been resolved.
Buttons now follow a consistent Cancel and Confirm sequence across all pop-up confirmation windows.
Icons are no longer missing in the tab labels on the Users page.
The Internal Web Application Pentest and External Web Application Pentest options have been removed from all assessment type filter drop-down menus, as these assessment types are no longer offered.

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.