AC-Hunter Update – v7.0.4

We have two updates to share with you today: an important note on a recently disclosed nginx vulnerability and how it affects AC-Hunter, plus a new migration guide to help you move from AC-Hunter 6 to AC-Hunter 7.

First, the security item. You may have seen reporting on CVE-2026-42945, nicknamed “NGINX Rift,” a recently disclosed vulnerability in the nginx web server. AC-Hunter ships nginx inside its frontend container, so we want to share what this means for your deployment.

The short version: Both AC-Hunter 6 and AC-Hunter 7 are safe from this vulnerability. There is no emergency action required on your part.

Why you’re safe

CVE-2026-42945 is a flaw in nginx’s ‘rewrite’ module. For it to be reachable, the server’s nginx configuration must contain a specific combination of ‘rewrite’ directives and capture-group references. Critically, this pattern has to already exist in the configuration. It cannot be injected by an attacker over the network.

AC-Hunter’s nginx configuration doesn’t use the ‘rewrite’ module at all. It only routes API traffic, serves the frontend, and redirects HTTP to HTTPS. None of the conditions required to trigger the vulnerability are present, in either version of the product.

A heads-up about vulnerability scanners

Because the affected nginx code still exists in the container’s nginx binary, a vulnerability scanner may flag AC-Hunter for CVE-2026-42945 based on a version-number match. This applies to both AC-Hunter 7 and AC-Hunter 6. We want to be clear: this is a version match against a CVE database, not an exploitable condition on your system. The vulnerable code path is never reached by AC-Hunter’s configuration.

Our patch plan

• AC-Hunter 7: We are releasing an update now (v7.0.4) that upgrades the bundled nginx to a fixed version, so it will no longer match on scans. We recommend applying it at your convenience to keep your scan reports clean.
• AC-Hunter 6: A separate component dependency currently prevents us from upgrading nginx in this version, so a patch is not yet available. AC-Hunter 6 remains non-exploitable for the reasons above. This is purely about clearing the scanner flag. We are actively monitoring for the ability to deliver a patched build for v6.

Moving from AC-Hunter 6 to AC-Hunter 7

Separately, we’ve just published a new migration guide to make upgrading from AC-Hunter 6 to AC-Hunter 7 as easy as possible. If you’ve been considering the move, this is a good time to take a look: https://docs.activecountermeasures.com/stable/v6-to-v7-migration/

As always, reach out to our support team with any questions. We’re happy to walk through the details.

Upgrading between AC-Hunter 7 versions

https://docs.activecountermeasures.com/stable/ac-hunter-installation/#upgrading-between-ac-hunter-7-versions

Download AC-Hunter v7.0.4

This new AC-Hunter v7.0.4 install bundle is available to download now in your account under Downloads.

Introducing AC-Hunter v7

We’re excited to introduce AC-Hunter v7!

Why we rebuilt it

Over the years, we heard the same themes from customers: indicators were spread across separate modules, large datasets pushed performance limits, and the interface didn’t always surface the information that mattered most. v7 addresses all three:

• Indicators are unified on a single Connection View – no more jumping between modules
• Faster imports and analysis, built to handle significantly larger datasets
• A modernized layout that puts the information you need front and center

What’s new in v7

• Rebuilt analytics engine on ClickHouse with a new version of RITA
• Simplified deployment and management to reduce setup and maintenance overhead
• New Deception Agent and workflow to expand your detection capabilities
• Tags and notes for a more collaborative analyst workflow
• New threat modifiers including prevalence-based scoring
• Fine-tuned scoring for more accurate prioritization
• Faster, easier safelisting
• Full IPv6 support
• Settings and user management now built directly into the UI
• New Zeek log transport agent for more reliable data collection
• Docker-Zeek updates to keep pace with the latest tooling
• Brand-new web based documentation

What’s next

v7 is a foundation we’re excited to build on. On the roadmap: scaling strategies for larger environments, integrations with threat intel platforms and SIEMs, and new analysis features driven by what v7’s architecture makes possible.

Migrating from v6

Because of the scope of the new architecture, v7 requires a fresh install rather than an in-place upgrade. Instructions for setup and installation can be found here.

About v6

We know not everyone will be ready to migrate right away, and that’s okay. v6 remains supported, and we’ll give plenty of notice well before anything changes. Reach out anytime if you want to discuss your timeline.

Thank you

v7 exists because of the feedback, bug reports, and feature requests we’ve received from you over the years. Thank you for helping shape the product.

The AC-Hunter v7 install bundle is available to download now in your account under Downloads.

AC-Hunter v6 Update

AC-Hunter v6.4.3 fixes a bug causing tooltip overlap, and adds support for Ubuntu 24.04 and CentOS Stream/RHEL 9.

AC-Hunter v6 Installer Update

AC-Hunter v6.4.2 fixes a package name dependency bug that prevented installation on some Ubuntu systems.

AC-Hunter v6 MongoDB Update

AC-Hunter v6.4.1 updates MongoDB to patch Mongobleed vulnerability CVE-2025-14847.