Looking for a bug fix list for all versions of Password Secure?
All bug fixes will automatically be added here!
26.6 Updates
Netwrix Password Secure 26.6.100 Released: French language support and critical security fixes
June 18, 2026
The following table contains a comprehensive list of updates and fixes introduced in this version.
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Server | An error caused the database to lose all password and document history when you permanently deleted a user, an organizational unit, or a role using the Windows Application (version 9.3.1 to 26.5.1). | 441585 | |
| Breaking changes! We fixed two security advisories. You can read more about it here in the community. | 436133 | ||
| An issue caused server methods without authentication, like the HealthCheck, to fail. | 436749 | ||
| Web app | You can now change the server-side language of a user without changing another property. | 439508 | |
| The CSV import in the web application now works correctly in both the advanced and basic views. | 422673 | ||
| It is now possible to store IPv6 values in fields of type âIP addressâ. | 435762 | 4309362 | |
| Several design issues from the latest web application redesign no longer appear. | 419911, 440103, 419909 | ||
| The context menus in the âApplicationsâ module and the list of directory services showed some entries like âTagsâ twice. This is no longer the case; every entry is available only once. | 435607 | ||
| Windows app | The column headers of data printouts are now visible again when you run them via the Windows Application. | 436816 | 4309250 |
| Web app + Windows app | An incorrect German translation caused a logbook event to display as a duplicate. This issue no longer occurs. | 438413 | |
| .NET SDK | An issue in the .NET SDK affected role creation and modification (PsrRole object). This issue no longer occurs. | 439513 | |
| Browser Extension | The icon in the browser extension notifying a user about not executed autofill now has the normal size again. | 425352 |
Compatibility
The following client versions are compatible with Netwrix Password Secure Application Server 26.6.100:
- Windows & Web App: >= 26.3.100
- Browser Extensions & API/SDK: >= 26.3.100
Note: Areas affected by the changes in this release, such as the logbook, may show reduced data compared to before, even when using older compatible client versions.
26.5 Updates
Patch Version 26.5.1 Released
May 8, 2026
The following table contains a comprehensive list of updates and fixes introduced in this version
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Windows App | Fixed an issue that caused heavy performance issues when using the Windows application. | 435455 | 4309318, 4309327, Community |
| Fixed an issue causing the permissions of Active Directory profiles and Entra ID profiles not to load using the Windows application. | 432817 |
Compatibility
The following client versions are compatible with Netwrix Password Secure Application Server 26.5.1:
| Component | Minimum Version |
|---|---|
| Windows App | >= 26.3.100 |
| Web App | >= 26.3.100 |
| Browser Extensions | >= 26.3.100 |
| API/SDK | >= 26.3.100 |
The following Netwrix Password Secure Application Server versions are compatible with the Password Secure Browser Extension 26.5.1:
| Component | Minimum Version |
|---|---|
| Application Server | >= 26.3.100 |
Note: Older client versions may work but arenât officially supported. Any breaking changes will be announced explicitly.
26.4 Updates
Password Secure Minor Version 26.4.10 Released
April 30, 2026
- Fixed two issues in the Windows App: application becoming unresponsive, and incorrect password transmission in Exchange forms.
- Fixed multiple Web App issues affecting form editing, Active Directory profiles, tagging, password generation, shared password visibility, and validation.
- Applied usability and design improvements to align the Web App with the corporate design system.
- Resolved a setup wizard loop in Server Manager and enabled permanent deletion of users with API keys on the server.
- Improved SDK reliability, removed a redundant file, and added support for form creation.
The following table contains a comprehensive list of updates and fixes introduced in this version
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Windows App | In some cases, the Windows application ran into an unresponsive state. This issue should now be resolved. | 431903 | 4308001 |
| Using âExchange formâ in the Windows application, the password value is now transmitted correctly when âCreate as newâ is selected as the action for the field. | 417568 | 4308444 | |
| Web App (Advanced View) | When editing forms, all fields are displayed again and not only the first 20. | 423402 | 4308914 |
| It was not possible to save Active Directory profiles. This issue is now resolved. | 424526 | ||
| Fixed an issue where the public/private shield in the header was always set to âPrivateâ after creating a shared password. | 424528 | ||
We fixed an issue where it was possible to render HTML in the list of options. Following our suggested Content-Security-Policy header for the web server, it was not possible to cause any damage. |
432772 | ||
| It is no longer possible to save a seal with negative validity times. | 422589 | ||
| The content of the âSpecial charactersâ field in the password generator can now be changed properly again. | 423793 | 4308954 | |
| Tags that were newly created in the current session can now be found in the filter and when changing other objects. | 424527 | ||
| Some minor design improvements were done to match the corporate design system. | 419724 | ||
| Web App (Basic View) | The content of the âSpecial charactersâ field in the password generator can now be changed properly again. | 423793 | 4308954 |
| Some minor design improvements were done to match the corporate design system. | 419724 | ||
| Server Manager | We fixed an issue causing the setup wizard to start again when running the Server Manager the first time after an installation. | 424520 | 4309036, 4308926, 4309055 |
| Server | It is possible now to permanently delete users that created an API key. | 423012 | 4308743 |
| It is no longer possible to save a seal with negative validity times. | 422589 | ||
| .NET SDK | A redundant file has been removed from the published ZIP archive. | 424649 | |
| It is now possible to create forms using the .NET SDK. | 426846 |
26.3 Updates
Patch Version 26.3.101 for Password Secure released
March 24, 2026
- We fixed an issue that prevented the .NET SDK from being operational. Now, it can be used again. [.NET SDK]
- Some customers reported that they are not able to activate their databases after the last update. This problem was caused by having the user right âIs database administratorâ globally set to âActivatedâ. Now, this setup is no longer an issue. [Server]
- Errors that happen during web service requests are now protocolled in the Windows event log, too. [Server]
- Fixed a minor visual issue in the browser extension for Mozilla Firefox. [Browser Extension]
- An issue in the validation of the web application was fixed. It is now possible again to save passwords having a minimum or a maximum length configured. [Web App (Advanced view), Web App (Basic view)]
- It is possible again for MSPs to edit their customers using the Server Manager. [MSP]
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| .NET SDK | We fixed an issue that prevented the .NET SDK from being operational. Now, it can be used again. | 423386, 423397 | 4308958 |
| Server | Some customers reported that they are not able to activate their databases after the last update. This problem was caused by having the user right âIs database administratorâ globally set to âActivatedâ. Now, this setup is no longer an issue. | 423797 | 4308957, 4308959 |
| Browser Extension | Fixed a minor visual issue in the browser extension for Mozilla Firefox. | 423389 | |
| Web App | An issue in the validation of the web application was fixed. It is now possible again to save passwords having a minimum or a maximum length configured. | 423392 | 4308914, 4308918 |
| MSP | It is possible again for MSPs to edit their customers using the Server Manager. | 423713 | 4308927 |
Password Secure Version 26.3.100 released
March 19, 2026
⢠Improved validation and consistency across the web application
⢠Fixes for logout behavior and UI inconsistencies
⢠Improved autofill detection for more websites
⢠Multiple security-related improvements across components. Additional details can be viewed here: ADV-2026-005 - Vulnerability in Netwrix Password Secure
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Windows App | When changing the name of a form and closing the tab without saving, the Windows app now asks the user if the changes should be discarded. | 416119 | |
| In the ribbon, starting an application from the password list displays the name of all connected applications again. In the application list, the names of connected passwords are displayed again, too. | 417913 | 4308591 | |
| Web App (Advanced View) | When creating a seal, the fields for configuring the validity hours of release requests and releases are no longer marked as errors after their value was changed. | 418951 | |
| The number of affected users, groups, and organizational structures in the Active Directory synchronization assistant is now displayed correctly again. | 417335 | 4308526 | |
| Web App (Basic View) | When logging out from the web app, it may happen that the page flickers. This issue is now resolved. [Web App (Advanced view), Web App | 409237 | |
| Server | Security: When a server method fails, the stack trace is no longer reported to the customer. | 417945 | 4308597 |
| Browser Extension | We improved the logic Password Secure is using to find login forms that can automatically be filled. More sites should now be supported again. | 386492 | 4264369 |
| We fixed an issue with the automatic password entry in websites for many sites, where the file ending caused problems (like, e.g., .jsp or .jsc files). | 417448 | 4308547, 4308556, 4308567, 4308576, 4308502, 4308625, 4308646, 4308691, 4308718, 4308783 |
Compatibility
All clients must match the server version.
Older client versions are no longer supported for this release.
The following client versions are compatible with Netwrix Password Secure Application Server 26.3.100:
- Windows & Web App: same version (26.3.100)
- Browser Extensions & API/SDK: >=26.3.100
Note: This release brings in some breaking changes. Because of this, all clients need to be upgraded as soon as the server is upgraded to the newest version. Older clients are not able to connect!
NOTE: With the release of Version 26.3.100, support for version 9.0.0.30423 and older has stopped.
9.3 Updates
Patch Version 9.3.1 for Password Secure released
February 5, 2026
New
| ID | Description | Applies to |
|---|---|---|
| #411709 | The JavaScript and .NET SDK now allow retrieving API key information so developers can limit displayed functionality based on permissions. | API |
Improved
| ID | Description | Applies to |
|---|---|---|
| #392815 | The âwrong passwordâ hint in the login screen changes once the lock time has expired. | Web App |
| #403032 | ECC migration now writes logbook entries so key rotations and errors are traceable. | Server |
| #404832 | Performance when loading passwords via the browser extension has been significantly improved. | Server, Browser Extension |
| #395418, #405158, #401835, #374164, #376913 | Text updates to improve clarity and consistency. | Web App, Windows App, Browser Extension |
| #405858, #405559 | Access to historical data has been reworked to improve performance and ECC migration. | Web App, Windows App, Server |
| #396249 | Improved performance of server side ECC migration. | Server |
| #404163 | Second factor configuration now uses a more modern design. | Web App |
| #409113 | The âLast changeâ column now includes the time in table view. | Windows App |
| #377720 | More lists, such as applications and tags, now support multi selection. | Web App |
Removed
| ID | Description | Applies to |
|---|---|---|
| #372070, #160820 | The âDisplay kind: Logoâ option has been completely removed. | Web App, Windows App |
Fixed
| ID | Description | Applies to |
|---|---|---|
| #405460 | Fixed an issue preventing ECC migration when a user belonged to too many roles. | Server |
| #403057 | Database activation works again when duplicated global options or user rights exist. | Server |
| #402132 | Multiple legitimate permissions can be removed from an object again. | Web App |
| #402894 | Default values for Date form fields can now be saved. | Web App |
| #404252 | Fixed an issue where a password could be revealed without a logbook entry. | Server |
| #389969 | The browser extension now displays the most recent search result correctly. | Browser Extension |
| #404943 | Moving a password no longer applies permission changes before confirmation. | Web App |
| #403170 | Renaming OTP or Password fields no longer causes loss of secrets. | Web App, Windows App |
| #405682 | The âEmpty entire binâ option is now available for basic users. | Web App |
| #405843 | Users without permission to modify rights can no longer edit permissions via templates. | Web App |
| #400786, #406171, #389583, #374905, #411708 | Fixed various visual issues. | Web App |
| #400937 | The email notification search field no longer loses focus while typing. | Web App |
| #406883 | Remote Desktop resolution is now configured correctly when scaling is enabled. | Windows App |
| #407540 | The browser extension no longer interferes with XML display in Firefox when CTRL is pressed. | Browser Extension |
| #408065 | Object expiration dates can now be set correctly for non English or German browser languages. | Web App |
| #409113 | Table columns are no longer removed after filtering in table view. | Windows App |
| #365962 | Settings page tiles are no longer cut off in slim browser windows. | Web App |
| #409423 | CSV export no longer fails when RegEx control characters are used as delimiters. | Web App |
| #411724 | Active Directory profile synchronization now updates the âLast completedâ value correctly. | Server |
| #413182 | Copying passwords or TOTP tokens from the browser extension works again. | Browser Extension |
| #409479 | Opening the quick view with the space bar no longer scrolls the page. | Web App |
| #413717 | Active Directory import search now resets correctly. | Web App |
| #403917 | Organisational units now display correctly in large environments. | Web App |
Minor Version 9.3.0 Released
October 9, 2025
Bugfixes
- An error that prevented RDP connections from being established has been resolved with the correct resolution.
- After breaking a seal, the password can be changed again.
- A crash of the Windows app, caused by using CTRL+Z in the login screen, has been fixed.
- An error was resolved, which prevented non-migratable documents from being permanently deleted.
- Users provisioned via Entra ID can now log in to the browser extension again.
- WebViewer exports can no longer be created with an invalid configuration.
- The setting âTransfer logbook entriesâ is now correctly loaded when opening the syslog configuration of a database.
Bug Fix list
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Windows App | A crash of the Windows app, caused by using CTRL+Z in the login screen, is fixed.. | 398084 | 4265233 |
| An error was resolved that prevented RDP connections from established with the correct resolution. | 160498 | 4248061, 4257469, 4264745 | |
| After breaking a seal, the password can be changed again. | 398412 | 4265215 | |
| Web App | After breaking a seal, the password can be changed again. | 398412 | 4265215 |
| Server Manager | The setting âTransfer logbook entriesâ is now correctly loaded when opening the syslog configuration of a database. | 403230 | 4265760 |
| Server | WebViewer exports can no longer be created with invalid configuration. | 403144 | |
| Users provisioned via Entra ID can now login to the browser extension again. | 403289 | 4265767, 4265785 | |
| An error was resolved, which caused non-migrateable documents being unable to be deleted permanently. | 398326 | 4265255 |
9.2 Updates
Patch Version 9.2.6 for Password Secure released
September 25, 2025
Bugfixes
- Reports for âAll applicationsâ and âActivities of the applicationsâ are now generated correctly.
- Logging in with an API key no longer requires a second factor.
Bug Fix list
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Server | The reports âAll applicationsâ and âActivities of the applicationsâ are created correctly again. | 401513 | |
| API | When logging in with an API key, it is no longer required to enter a second factor if such is configured for the user who created the key. | 400102 | 4265315 |
Patch Version 9.2.5 for Password Secure released
September 4, 2025
No bugs were fixed in this update.
Patch Version 9.2.4 for Password Secure released
August 7, 2025
No bugs were fixed in this update.
Patch Version 9.2.3 for Password Secure released
May 22, 2025
Weâre excited to announce the Netwrix Password Secure 9.2.3 bugfix release, available as of May 21, 2025. This minor update delivers several quality-of-life improvements, backend enhancements, and refinements to ensure a smoother and more secure user experience.
Improvements
- Flexible deployment for autofill
The autofill add-on can now be installed independently of the Windows app â ideal for streamlined setups and greater control in automated deployments. - Update and install management
All installation packages are now hosted on the Netwrix releases page, enabling centralized and consistent update handling across the Windows app, server, and API.
â Please update your firewall rules accordingly. - Improved handling of file uploads
Administrators can now allow file uploads without extensions using a dedicated setting â no more workarounds needed. - Smarter Web App access
When accessing the Web App via the browser extension, it now automatically connects to the correct database â simplifying user workflows.
Bug Fixes
- Clean install experience
Obsolete, unused executable files have been removed from the installer, and a bug in the MSI setup showing incorrect license texts has been corrected. Installation processes are now cleaner and more accurate. - Improved stability and accuracy
Resolved issues include password list sorting persistence, proper display of sealed passwords and OTP fields, correct handling of AD imports, role assignment behavior in the OU wizard, and crash prevention when displaying passwords in certain UI configurations.
Security Enhancements
- Improved logging and error handling
Logging has been refined with better transparency for ECC migrations, crash prevention updates, and less noisy logs â helping administrators maintain oversight with ease.
Miscellaneous
- Web App UI polish
Minor design tweaks and a reorganized âToolsâ page enhance the user interface for a cleaner, more consistent experience.
The following table contains a comprehensive list of updates and fixes introduced in this version
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Windows App | When logging in via a database alias, incorrect log entries are no longer written in order to avoid unnecessary error messages. | 376511 | 4263525 |
| After changing the path of a document link, the new file extension can be filtered correctly again. | 379409 | ||
| The sorting of the password list is now retained, which saves repeated settings. | 378785 | ||
| Fixed a crash that could occur when displaying a password if the reading pane was disabled. | 377360 | 4263536, 4264154 | |
| If an RDP application is started without a password, an input window appears again so that the connection can be continued manually. | 384214 | 4264142, 4263802 | |
| Web App | Fixed a display error in the sealed password field that occurred with permissions via âEveryoneâ. | 370255 | |
| The page selection in lists now works as intended, which improves navigation. | 375780 | ||
| The selection of Active Directory objects during import works correctly again. | 367007 | ||
| The wizard for creating organizational units again correctly takes into account whether the user is allowed to create roles. | 380235 | ||
| Server | When logging in using a database alias via Windows app, incorrect log entries are no longer written. | 376511 | 4263525 |
| The correct OTP codes are now displayed in the Emergency WebViewer. | 379969 | 4263961 | |
| OTP fields now also appear in the WebViewer exports to provide complete data records. | 379937 | 4263956 | |
| In certain older versions, inconsistencies occurred in the display of organizational structures. These are now displayed correctly. | 381132 | ||
| Server Manager | The setting âActivate real-time updateâ is now reliably saved when creating a database in order to avoid configuration errors later on. | 379653 | 4263870 |
| If incorrect SQL Server access data is entered in the database wizard, the wizard can no longer be continued. | 378224 | ||
| Web App (Extended View) & Browser Extension | When opening the web app via browser extension, it now automatically logs into the correct database. | 378346 | 4263695 |
Compatibility
The following client versions are compatible with Admin Client Version 9.2.3.32988:
Windows Client:
-
Version 9.2.3.32988
-
Version 9.2.2.32703
WebClient:
-
Version 9.2.3.32988
-
Version 9.2.2.32703
NOTE: With the release of Version 9.2.3.3298, support for version 8.16.6.30233 and older has stopped.
Setup Check Hashes (SHA-51 Hash)
English Server Setup (pss9.2.3.32988-en.msi
d3f2153cae5c4dedbc3d91e13698426b2aaa8fbe5f953b1d8287a9375c52437988d88181a17deeac6c5c9697c9d5235a99b92d687fd6face1e6254d46a6c320a
German Server Setup (pss9.2.3.32988-de.msi)
ef52b7683baf0b400322fc414f9750a8eb867480141e937f043dc29c009a7f201a83202c0a9f363b30363e54cd78a49f2d8c14b6e2a9a1c683420197b7ee357e
English Client Setup (psc9.2.3.32988-en.msi)
3ee62a4e6f43e81e4e12c8db87ef468cb5d2a1cd14451bc7fe673b034bd30fc81a2c886d5cd6298d515a6354704583059b5d5305c06c9ae510608bbe084c2c11
German Client Setup (psc9.2.3.32988-de.msi)
87a925794d0ffb8a68a5e473eb1711f8de28af78c3ce9839a4d08c91a46dbf1ebddb5e77708a69a790f823a5ea25008e5e045f9c8c2385fa0eff3367522632a9
Patch Version 9.2.2 Released
April 1, 2025
The following overview highlights the updates and fixes included in the Password Secure 9.2.2 bugfix release on April 1, 2025.
Improvements
- Added âToolsâ category in the Web App: Provides quick access to various functionalities from a dedicated menu.
- User unlock capability via the Web App: Administrators can directly unlock locked user accounts from within the Web App, streamlining user management.
Bug Fixes
- Various important stability and performance improvements for the new Web App.
- Resolved issues with incorrect text loading.
- Corrected language selection functionality within the Web App.
- Fixed the ability to move passwords between organizational units using the âEditâ view.
Security Enhancements
- Documents with restricted file extensions are no longer downloadable.
- The âHostnameâ field for SSH applications now strictly accepts valid DNS names and IP addresses (both IPv4 and IPv6).
- Blocked storage of potentially harmful file extensions as document links, improving overall system security.
Miscellaneous
- Improved ECC migration by allowing the cleanup of non-migratable data.
The following table contains a comprehensive list of updates and fixes introduced in this version
Bug Fix list
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Web App (Advanced View) | A list is no longer switching back to page 1 when an object was closed. | 366007 | |
| The layout of the web app is no longer broken when switching from basic view to advanced view. | 373176 | ||
| Itâs no longer possible to create a seal template without name. | 370357 | ||
| Some missing components of the new design of the web app have now also been updated. | 373852 | ||
| Some errors in which texts were not loaded correctly have been fixed. | 373739 | ||
| The web app is loading the correct language again. | 376097 | 4263440, 4263763, 4263889 | |
| Passwords can be moved to a different organisation unit using the âEditâ view again. | 377345 | 4263521, 4263951 | |
| Web App (Basic View) | Some errors in which texts were not loaded correctly have been fixed. | 373739 | 4263440, 4263763, 4263889 |
| Server | Messages that are sent to a syslog server no longer have a leading Byte Order Mark (BOM). | 363211 | 4261156 |
| The server is now validating the file extension of a document. | 374117 | ||
| The timeout when creating a new database and when running an SQL benchmark has been increased. | 375120 | ||
| The automatic check for corrupted passwords is operational again. | 376833 | ||
| Browser-Extension | The autofill function of the browser extension has been improved. Websites that react to the âwebkitAnimationEndâ event no longer hang. | 367721 | 4262369 |
Compatibility
The following client versions are compatible with Admin Client Version 9.2.2.32703:
Windows Client:
- Version 9.2.2.32703
WebClient:
- Version 9.2.2.32703
NOTE: With the release of 9.2.2.32703, support for version 8.15.4.29321 and older has stopped.
Setup Check Hashes (SHA-51 Hash)
English Server Setup (pss9.2.2.32703-en.msi
b5f1043c4d77ce8278125d8a440131c6df10a5cd747f7720f1ac587a8c9485c36184fb6b4f57b730436f829e92cc32e3dc0893ac54aaa358e7f6a4b4416ead33
German Server Setup (pss9.2.2.32703-de.msi)
2fb14bf1042fa3aa638ade7023f4e3057eca41264c23c0c7d25aa657c76b98adc66cde8d111b7526eaae328db8a53f1277b5136bd2165d874cdee802ab9f3778
English Client Setup (psc9.2.2.32703-en.msi)
1bcbdae3bf9acd1bf7a5a518c36dc9878a1f8d3df57593280c6f0e3c5bc36e1c03a22d2e644a350a3f5153a89753830a7a7dedf5225916ada1b39ba654dda809
German Client Setup (psc9.2.2.32703-de.msi)
12aeddf030c7da350ec58383528d4e65a7efae0ac4d8734e6267aee0c30fe5fb736c72c4e128686333efdb3f9c9ccf68e1cb1a61f8d00eca736079c194c49a60
Patch Version 9.2.1 Released
March 31, 2025
The following overview highlights the updates and fixes included in the Password Secure 9.2.1 bugfix release on February 4, 2025.
Improvements
Server & Server Manager
- The default name of the configuration database now automatically includes the serverâs host name, making it easier to identify and manage systems.
API
- The API version can now be queried directly, providing better visibility and simplifying integration management.
Fixes
Windows App
- Active Directory users in MasterKey mode can once again change their first authentication factor.
- The distribution of translation files has been optimized.
Web App (New design only)
- Password fields of type âHeadingâ are now displayed correctly.
- The field for assigning roles when creating a new user is readable again.
- Translation file distribution has been optimized.
Browser Extension
- A vulnerable package in the extensionâs dependencies has been replaced, resolving a potential security issue.
API
- The
SaveRightsfunction in the JavaScript API is working again.
Basic View in Web App (New design only)
- Mouse hover effects have been fixed.
See the Netwrix_Password Secure_9.2.1_BugFixList.pdf for a list of bugs fixed in this version.
Version 9.2 - Release Notes & Bug Fixes
January 15, 2025
See the Netwrix Password Secure V9.2 Bug Fix for a list of bugs fixed in this version.
9.1 Updates
Version 9.1 - Release Notes & Bug Fixes
July 22, 2024
See the Netwrix Password Secure v9.1 Bug Fix for a list of bugs fixed in this version.
The following versions may have limited or no support. Please see the