Skip to main content

Version 3.54 | February 22, 2026

Note

This deliverable focuses on overall system stability and performance enhancements. It primarily includes resolved issues and internal improvements.

New Features and Enhancements

Binary File Upload Limit Increased to 6GB

Enterprise customers can now upload binary files up to 6GB (previously 100MB) via the UI and supported APIs.

This update improves workflow efficiency for enterprise-scale use cases while maintaining secure and compliant file transfers.

IaC

IaC updates are documented in the IaC changelog.

DAST

No new DAST-related features or enhancements are included in this release.

CLI and Plugins Releases of February 2026

CLI Version 2.3.45

We now support running the ASCA scanner from a custom installation location. By default, when ASCA is run, the binary file is installed at $HOME/.checkmarx. Users can now manually install the binary in a custom location and then point to that location for running ASCA scans.

The ASCA location can be specificed using a new global flag: --optional-flags with the key asca-location and the value specifying the value as the custom path. Example: --optional-flags="asca-location=/home/custom/path".

Alterntatively, the key/value for the location can be specified using the environment variable CX_OPTIONAL_FLAGS.

CLI Version 2.3.44

Resolved an issue where the CLI ignored OAuth client credentials provided in the scan create command when an API key was already configured, causing incorrect authentication and permission errors. The CLI now correctly prioritizes and uses the credentials explicitly supplied in the command (API key or OAuth).

CI/CD Plugins

In February we released the following CI/CD plugin versions:

  • GitHub Actions Plugin - 2.3.31 (uses CLI v2.3.45)

Improvements and Bug Fixes

Status

Item

Platform

Description

NEW

General

GitHub Actions

General improvements and bug fixes

IDE Plugins

In February we released the following IDE plugin versions:

  • JetBrains - 2.3.3 (uses CLI v2.3.45)

  • VS Code - 2.49.0 (uses CLI v2.3.45)

Improvements and Bug Fixes

Status

Item

Platform

Description

NEW

ASCA Scanner

JetBrains, VS Code

We now support running the ASCA scanner from a custom installation location. By default, when ASCA is run, the binary file is installed at $HOME/.checkmarx. Users can now manually install the binary in a custom location and then point to that location for running ASCA scans.

The ASCA location can be specificed using a new global flag in the Additional params: --optional-flags with the key asca-location and the value specifying the value as the custom path. Example: --optional-flags="asca-location=/home/custom/path".

Alterntatively, the key/value for the location can be specified using the environment variable CX_OPTIONAL_FLAGS.

Resolved Issues

Item

Description

AST-131835

The Query Editor intermittently displayed an incorrect number of results due to a pagination issue.

AST-131494

The Query Editor navigated to an incorrect location after repeated clicks on search results.

AST-131284

Analytics and Dashboards experienced long load times and persistent spinner indicators.

AST-131047

DAST vulnerabilities were not synchronized to Analytics.

AST-126452

CSV report generation triggered a panic error.

AST-122322

DAST two-factor authentication failed when an incorrect secret key was provided.

AST-94350

Some projects were unable to update specific project predicates.

SCA-25577

SPDX files generated by the export service failed official SPDX Tools validation.

SCA-25491

The AI package finder did not function as expected.

SCA-25399

The “Explore Newer Versions” button redirected users to the main screen instead of the intended location.

SCA-25378

The zlib 1.3.1 C/C++ package was incorrectly detected as the npm package esy-zlib.

SCA-25205

SCA Auto Pull Request functionality downgraded packages incorrectly.

SCA-25130

The SCA results processor stopped processing scan events during tenant deletion.

SCA-25118

The Global Inventory tab failed to load and returned a 500 error.

SCA-25084

Binary packages were not detected in certain scans.

SCA-24965

Global Inventory counters did not load at startup, resulting in incorrect export data.

AST-133137

SCA reports failed with a database error indicating a missing column (scanr.state_name) in the query.

AST-131019

SCM scans could not be re-triggered via PR comments due to an invalid model identifier error.

AST-131003

DAST Deep Scan executions failed for certain targets.

AST-130788

SAST-RM failed to provision a worker.

AST-127325

CxLink integration with GitLab Self-Hosted failed to generate an authentication token.

AST-126911

The generated contributors Excel report contained incorrect values.

AST-124922

The SourceResolverSandbox job was not scheduled by Kubernetes within the expected startup window.

AST-122411

ASCA did not detect SSRF vulnerabilities in certain scenarios.

AST-122315

ASCA did not detect file creation without file existence checks.

AST-121083

SCA scan results in the ST environment showed zero running pods.

AST-108514

The api/data_analytics/analyticsAPI/v1 endpoint did not function as expected.

In this section: