Version 2026.2.7.0 (June 16, 2026)

If you are using a client (RDM, PowerShell, etc.), version 2026.2 is required for this DVLS version

IMPROVEMENTS

• Core - Website Legacy entries can no longer be edited and must be converted before use. The option to permanently dismiss the conversion notice has also been removed
• PAM - Added requested elevation details to reports
• PAM - Added visibility into which approvers received temporary access and PAM checkout requests
• PAM - Prevented users from approving their own checkout requests through linked accounts when self-approval is disabled

FIXES

• SECURITY Core - Fixed a security issue where duplicating a folder could expose attachments and handbook pages to users without access to the original content
• SECURITY Core - Fixed a security issue where ticketing service credentials (ServiceNow and Jira) could be viewed by authenticated users through data source settings
• SECURITY PAM - Fixed missing permission checks on discovery scan results, ensuring only authorized users can access discovery data
• SECURITY Core - Fixed a privilege escalation issue that could allow users creating vaults or PAM providers to assign themselves System Administrator rights
• SECURITY Core - Fixed an issue where social-login entry metadata could be visible to vault members who were explicitly denied access to those entries
• Core - Fixed a performance regression that caused system permission changes to take longer than expected to save
• Core - Fixed a synchronizer error that occurred when nested groups were deleted in Entra ID (Azure AD)
• Core - Fixed an issue preventing orders from being created when they contained both a starter pack and additional licenses
• Core - Fixed an issue where changing a password on first login after a basic installation could fail
• Core - Fixed an issue where exported attachments and documents could become unusable after re-importing with attachments included
• Core - Fixed an issue where the "Template list only" mode was not enforced, allowing entries to be created without a template
• Core - Fixed an issue where variables were not resolved when unsealing entries or sending related notifications
• Core - Fixed false password-change audit logs and notification emails when updating non-credential Website entry settings
• Core - Improved loading performance for repository assignments, including the Batch Grant Access window
• PAM - Fixed PostgreSQL accounts incorrectly appearing out of sync after successful password resets
• PAM - Fixed the "MFA on checkout" default setting not being saved
• Web - Fixed a JavaScript error when viewing entry details containing deserialization errors under Reports > Diagnostic > Entries
• Web - Fixed an issue where deleting an entry could trigger an error and leave the connections tree in an incorrect state until the page was refreshed
• Web - Fixed an issue where unsupported AI Assistant providers appeared blank in the edit dialog and could cause the wrong provider to be saved
• Web - Fixed Synchronizer entries becoming unusable in the web interface when the synchronization mode was set to manual or inherited manual
• Web - UI fixes

** CONSOLE RELEASE NOTES **

IMPROVEMENTS

• Minor updates