✨ New features to highlight in this version

Enjoy them all now for free at https://cloud.prowler.com

🕸️ Attack Paths

A brand new Attack Paths feature powered by Cartography and Neo4j graph database enables you to visualize and analyze potential attack vectors across your AWS environments. This feature allows security teams to:

• Execute graph-based queries against your cloud infrastructure
• Visualize attack paths as interactive graphs
• Identify privilege escalation paths and lateral movement opportunities
• Prioritize remediation based on actual exploitability

🗂️ Resource Groups Overview

A new Resource Groups feature provides aggregated views of your cloud resources organized by security-relevant groupings (e.g., Compute, Storage, Network, Identity). This helps you quickly understand which resource categories have the most security issues.

📊 Redesigned Findings Table

The findings table has been completely rebuilt with a new design system, offering:

• Improved filtering UX with better multi-select support
• Enhanced table interactions and responsiveness
• Cleaner visual hierarchy for faster scanning
• Better integration with the new resource group filters

📋 Compliance Watchlist

A new Compliance Watchlist component on the Overview page lets you monitor your most critical compliance frameworks at a glance. Track pass/fail ratios and quickly navigate to detailed compliance views.

🎯 ThreatScore Pillar Breakdown

The Compliance Summary page now includes a detailed ThreatScore pillar breakdown, giving you visibility into how each security pillar (Identity, Data Protection, Network Security, etc.) contributes to your overall risk score.

📈 Enhanced Risk Plot

The Risk Plot has been improved with:

• Gradient background for visual risk context
• Better correlation between finding volume and security impact

🏛️ AWS European Sovereign Cloud

Full support for AWS European Sovereign Cloud regions, enabling organizations with strict data residency requirements to leverage Prowler's security scanning capabilities.

Read more about it in our blog: AWS EUSC with Prowler

☁️ Alibaba Cloud Provider (Full Support)

Alibaba Cloud now has full support in the Prowler App! After being introduced in the CLI in v5.15.0, this release brings complete API and UI integration, enabling you to:

• Add and manage Alibaba Cloud providers from the UI
• Run security scans against your Alibaba Cloud infrastructure
• View findings and compliance status alongside other cloud providers
• Calculate Prowler ThreatScore for Alibaba Cloud environments

Explore all 63 Alibaba Cloud checks at Prowler Hub.

☁️ Cloudflare Provider - CLI Only

Prowler now supports Cloudflare as a first-class cloud provider! Scan your Cloudflare infrastructure for security misconfigurations across zones, DNS, email, WAF, and more.
Available checks include:

• TLS/SSL configuration validation
• DNS record security
• Email security (SPF, DKIM, DMARC)
• Bot protection settings
• WAF configuration
• Privacy and anti-scraping settings
• Zone configuration best practices

Explore all Cloudflare checks at Prowler Hub.

📚 New Compliance Frameworks

CIS 5.0 for Azure

The latest CIS Azure Foundations Benchmark v5.0 is now available, bringing updated security controls aligned with current Azure best practices.

CIS 6.0 for Microsoft 365

New CIS Microsoft 365 Benchmark v6.0 compliance framework for comprehensive M365 security assessment.

CIS 1.12 for Kubernetes

Updated CIS Kubernetes Benchmark v1.12 with the latest container security controls.

🤖 AI Skills Pack

Prowler now includes an AI Skills Pack for AI coding assistants like Claude Code, OpenCode, and Codex. Following the agentskills.io standard, this enables AI assistants to better understand Prowler's codebase and contribute more effectively.

🧩 New Checks

GCP - Compute (10 new checks)

• compute_instance_group_multiple_zones - Ensure instance groups span multiple zones for HA
• compute_instance_group_autohealing_enabled - Verify autohealing is configured
• compute_instance_group_load_balancer_attached - Check load balancer attachment
• compute_instance_disk_auto_delete_disabled - Prevent accidental data loss
• compute_configuration_changes - Detect configuration changes in Cloud Audit Logs
• compute_instance_single_network_interface - Enforce single NIC policy
• compute_image_not_publicly_shared - Prevent public image exposure
• compute_snapshot_not_outdated - Identify stale snapshots
• compute_project_os_login_2fa_enabled - Enforce 2FA for OS Login
• compute_instance_on_host_maintenance_migrate - Verify live migration settings

🚀 Azure Entra Performance

We've improved performance when retrieving user registration and MFA details from the Azure and M365 Entra services. As part of this enhancement, an additional API call is now required for Azure, which means that service principals used to scan Azure must be granted the Audit.Read.All permission. You can find more details in our documentation.

🔐 Security Updates

Security patches across all components:

• Django 5.1.15 (CVE-2025-64460, CVE-2025-13372)
• Node.js 24.13.0 LTS (8 CVEs from January 2026 advisory)
• Werkzeug 3.1.4 (CVE-2025-66221)
• django-allauth v65.13.0 (CVE-2025-65431)
• pyasn1 v0.6.2 (CVE-2026-23490)
• safety 3.7.0 (CVE-2025-68146)
• LangChain 1.2.10 and @langchain/core 1.1.15

UI

🚀 Added

• Search bar when adding a provider (#9634)
• New findings table UI with new design system components, improved filtering UX, and enhanced table interactions (#9699)
• Gradient background to Risk Plot for visual risk context (#9664)
• ThreatScore pillar breakdown to Compliance Summary page and detail view (#9773)
• Provider and Group filters to Resources page (#9492)
• Compliance Watchlist component in Overview page (#9786)
• Add a new main section for list Attack Paths scans, execute queries on them and view their result as a graph (#9805)
• Resource group label filter to Resources page (#9820)

🔄 Changed

• Refactor Lighthouse AI MCP tool filtering from blacklist to whitelist approach for improved security (#9802)
• Refactor ScatterPlot as reusable generic component with TypeScript generics (#9664)
• Rename resource_group filter to group in Resources page and Overview cards (#9492)
• Update Resources filters to use __in format for multi-select support (#9492)
• Swap Risk Plot axes: X = Fail Findings, Y = Prowler ThreatScore (#9664)
• Remove duplicate scan_id filter badge from Findings page (#9664)
• Remove unused hasDots prop from RadialChart component (#9664)

🐞 Fixed

• OCI update credentials form failing silently due to missing provider UID (#9746)

🔐 Security

• Node.js from 20.x to 24.13.0 LTS, patching 8 CVEs from January 2026 security advisory (#9797)
• langchain from 1.1.5 to 1.2.10 and @langchain/core from 1.1.8 to 1.1.15 (#9797)

API

🚀 Added

• /api/v1/overviews/compliance-watchlist endpoint to retrieve the compliance watchlist (#9596)
• AlibabaCloud provider support (#9485)
• /api/v1/overviews/resource-groups endpoint to retrieve an overview of resource groups based on finding severities (#9694)
• group filter for GET /findings and GET /findings/metadata/latest endpoints (#9694)
• provider_id and provider_id__in filter aliases for findings endpoints to enable consistent frontend parameter naming (#9701)
• Attack Paths: /api/v1/attack-paths-scans for AWS providers backed by Neo4j (#9805)

🔐 Security

• Django 5.1.15 (CVE-2025-64460, CVE-2025-13372), Werkzeug 3.1.4 (CVE-2025-66221), sqlparse 0.5.5 (PVE-2025-82038), fonttools 4.60.2 (CVE-2025-66034) (#9730)
• safety to 3.7.0 and filelock to 3.20.3 due to Safety vulnerability 82754 (CVE-2025-68146) (#9816)
• pyasn1 to v0.6.2 to address CVE-2026-23490 (#9818)
• django-allauth[saml] to v65.13.0 to address CVE-2025-65431 (#9575)

SDK

🚀 Added

• AI Skills pack for AI coding assistants (Claude Code, OpenCode, Codex) following agentskills.io standard (#9728)
• Prowler ThreatScore for the Alibaba Cloud provider (#9511)
• compute_instance_group_multiple_zones check for GCP provider (#9566)
• compute_instance_group_autohealing_enabled check for GCP provider (#9690)
• Support AWS European Sovereign Cloud (#9649)
• compute_instance_disk_auto_delete_disabled check for GCP provider (#9604)
• Bedrock service pagination (#9606) - Thanks to @sonofagl1tch
• ResourceGroup field to all check metadata for resource classification (#9656)
• compute_configuration_changes check for GCP provider to detect Compute Engine configuration changes in Cloud Audit Logs (#9698)
• compute_instance_group_load_balancer_attached check for GCP provider (#9695)
• Cloudflare provider with critical security checks (#9423)
• CloudFlare TLS/SSL, records and email checks for zone service (#9424)
• compute_instance_single_network_interface check for GCP provider (#9702)
• compute_image_not_publicly_shared check for GCP provider (#9718)
• compute_snapshot_not_outdated check for GCP provider (#9774)
• compute_project_os_login_2fa_enabled check for GCP provider (#9839)
• compute_instance_on_host_maintenance_migrate check for GCP provider (#9834)
• CIS 1.12 compliance framework for Kubernetes (#9778)
• CIS 6.0 for M365 provider (#9779)
• CIS 5.0 compliance framework for the Azure provider (#9777)
• Cloudflare Bot protection, WAF, Privacy, Anti-Scraping and Zone configuration checks (#9425)

🔄 Changed

• Update AWS Step Functions service metadata to new format (#9432)
• Update AWS Route 53 service metadata to new format (#9406)
• Update AWS SQS service metadata to new format (#9429)
• Update AWS Shield service metadata to new format (#9427)
• Update AWS Secrets Manager service metadata to new format (#9408)
• Improve SageMaker service tag retrieval with parallel execution (#9609) - Thanks to @sonofagl1tch
• Update AWS Redshift service metadata to new format (#9385)
• Update AWS Storage Gateway service metadata to new format (#9433)
• Update AWS Well-Architected service metadata to new format (#9482)
• Update AWS SSM service metadata to new format (#9430)
• Update AWS Organizations service metadata to new format (#9384)
• Update AWS Resource Explorer v2 service metadata to new format (#9386)
• Update AWS SageMaker service metadata to new format (#9407)
• Update AWS Security Hub service metadata to new format (#9409)
• Update AWS SES service metadata to new format (#9411)
• Update AWS SSM Incidents service metadata to new format (#9431)
• Update AWS WorkSpaces service metadata to new format (#9483)
• Update AWS OpenSearch service metadata to new format (#9383)
• Update AWS VPC service metadata to new format (#9479)
• Update AWS Transfer service metadata to new format (#9434)
• Update AWS S3 service metadata to new format (#9552)
• Update AWS DataSync service metadata to new format (#8854)
• Update AWS RDS service metadata to new format (#9551)
• Update AWS Bedrock service metadata to new format (#8827)
• Update AWS IAM service metadata to new format (#9550)
• Enhance user_registration_details perfomance and user mfa evaluation (#9236)
• Update AWS Cognito service metadata to new format (#8853)
• Update AWS EC2 service metadata to new format (#9549)
• Update Azure AI Search service metadata to new format (#9087)
• Update Azure AKS service metadata to new format (#9611)
• Update Azure API Management service metadata to new format (#9612)

🐞 Fixed

• OCI authentication error handling and validation (#9738)
• Python mutable default argument in AWS EC2 Security Group lib (#9216) - Thanks to @leetrout

🔐 Security

• safety to 3.7.0 and filelock to 3.20.3 due to Safety vulnerability 82754 (CVE-2025-68146) (#9816)
• pyasn1 to v0.6.2 to address CVE-2026-23490 (#9817)