Skip to main content
ReleaseBloodHoundOpenHoundSharpHoundAzureHound
2026-07-07v9.4.0v0.2.11No releaseNo release
Use the filters on the right side of this page to narrow down the updates by component. You can select multiple filters at the same time to refine your results.
BloodHound
Data Collection
New Feature

ADCS ESC14 Scenario A Attack Paths

Analyze ADCS ESC14 Scenario A attack paths directly in BloodHound so you can identify explicit certificate-mapping abuse paths that rely on altSecurityIdentities.In ESC14 Scenario A, an attacker who can modify a target principal’s altSecurityIdentities attribute, or who has equivalent control through the Public-Information property set, can add an explicit certificate mapping that points to a certificate they control and then authenticate as the target.This release adds graph coverage for the following edges, helping you surface certificate-based impersonation and privilege escalation paths that were previously harder to model and investigate:
BloodHound
API
New Feature

Graph ID Lookup APIs

Retrieve details for specific OpenGraph nodes and relationships by their graph-assigned integer IDs.BloodHound now exposes the following experimental OpenGraph API endpoints:
BloodHound
Administration
Enhancement

Auditor Role Access Improvements

Allow auditors to review File Ingest activity and SSO Configuration details.Auditors can now access these administration views in a read-only state while actions, such as uploading files or creating providers, remain restricted to roles with write access.
BloodHound
Administration
Enhancement

Updated Default Admin Email Address

Use a more appropriate default admin email address in BloodHound Community configuration and example files.BloodHound Community now uses admin@example.com instead of spam@example.com for the default_admin.email_address configuration property and related examples.
Existing workflows that still rely on the previous email address for initial login may need to be updated.
OpenHound
Data Collection
Enhancement

More Resilient OpenHound Operations

Keep long-running OpenHound jobs alive, identify deployed client versions more easily, and troubleshoot failures with clearer logs.OpenHound now:
  • Continues checking in during active collections to reduce unintended job timeouts
  • Continues collection more often when single-object errors occur
  • Handles deferred pipeline failures more consistently
  • Reports its version to BloodHound for visibility on the Manage Clients page
  • Uses human-readable plain-text log format by default for file and stdout output, while keeping structured JSON as an opt-in format
BloodHound
Zone Builder
Enhancement

Privilege Zone Rule Authoring Improvements

Build and validate Privilege Zone rules with less rework when you switch rule types or refine Cypher-based rules.BloodHound now:
  • Preserves rule state when you switch between Cypher and Object ID rule types
  • Prompts you to rerun Cypher when the query changes
  • Warns you with a confirmation dialog before saving a Cypher-based rule that returns no results
    This helps when you expect a rule to return results after future data collection or changes in your environment.
BloodHound
Accessibility
Enhancement

Accessibility Improvements

Navigate BloodHound with clearer focus states, more consistent semantic structure, and better screen-reader labeling across key workflows.This release improves accessible names and labels in administration forms, strengthens visible keyboard focus behavior, and refines headings and page structure to better support assistive technologies.
BloodHound
Cypher
Enhancement

Higher Memory Limits for Cypher Queries

BloodHound Enterprise logoRun more complex Cypher queries in BloodHound Enterprise and return larger Entity Panel sections than were previously supported.
BloodHound
Zone Builder
Enhancement

Variable Analysis Mode

BloodHound Enterprise logoSee Privilege Zone updates reflected in your graph faster.When you enable Variable Analysis Mode on the Early Access page, BloodHound Enterprise can skip post-processing after Privilege Zone changes and re-run only the analysis stages needed to update tagged objects and findings.This reduces the time it takes for updated zone definitions and related findings to appear in the graph.
BloodHound
Fixed Issues

Analysis

Resolved an issue where multi-forest environments that consolidated ADCS into one forest could produce false-positive ADCS ESC attack path edges when a Computer node belonged to a different forest than the Enterprise CA.

API

  • Resolved an issue where the GET /api/v2/datapipe/status endpoint did not reliably update last_analysis_run_at and did not expose the scheduled-analysis timestamps needed to track analysis cadence.
  • Resolved an issue where the related_entity_type parameter on the Get Azure entity endpoint could respond too slowly for descendant objects of large AZTenant nodes and degrade the user experience in the UI.

Explore

  • Resolved an issue where saved query imports could fail for JSON files that used UTF-8 BOM encoding, including files packaged in ZIP archives.
  • Resolved an issue where Cypher equality comparisons could fail for values that contained special characters.

OpenGraph

  • Resolved an issue where dragging a file onto the Quick Upload dialog on the OpenGraph Management page could open the wrong dialog.
  • Resolved an issue where nodes with colons in their names could disappear from the Search and Pathfinding fields.
  • Resolved an issue where the OpenGraph extension deletion dialog accepted only one character at a time, preventing confirmation.
  • Resolved an issue where the Privilege Zone object details panel failed to load OpenGraph node data for rule-matched objects.

UI

  • Resolved focus-state inconsistencies on dropdown menus that could make active controls harder to distinguish.
  • Resolved an issue where parts of the Posture page used browser localization settings inconsistently.

Findings

BloodHound Enterprise logo Resolved an issue where individual attack paths and their finding counts could appear on the Posture page but not on the Attack Paths page.
OpenHound
Fixed Issues
  • Resolved an issue where a stub GH_Organization node could overwrite a fully collected organization and incorrectly mark it as not collected.
  • Resolved an issue that could cause GitHub collections to fail during normalization.
  • Resolved issues that made large GitHub collections more likely to stall or fail when GitHub API rate limits were exhausted.
  • Resolved multiple Jamf collector failures involving preprocessing, database lookups, and ingest behavior.
  • Resolved an issue that could cause Okta and GitHub collections to fail in Kubernetes-based deployments.
  • Resolved an issue where OpenHound did not respect the default setting that disables anonymous telemetry data.