Upcoming Change: IT Visibility – Query API Delta Resume Token Invalidation (Action Required on July 20, 2026)

As part of an upcoming platform update, existing IT Visibility Queries API (https://developer.flexera.com/docs/api/vis/v2#/Query) delta resume tokens will be invalidated on July 20, 2026.  

What does this mean? 

On or after July 20, 2026, any delta query that uses an existing resume token will fail. This is a one-time change required to ensure data accuracy going forward. 

What action is required? 

If you consume delta data via the Queries API, please take the following action: 

• Remove the resume token from your current request 
• Run a new query/fresh snapshot on or after July 20, 2026 to generate a new resume token 
• Use the newly generated resume token in subsequent requests to continue using delta queries.   

Additional details 

• Snapshot queries are not impacted 
• No changes are required to the Queries API endpoints or request format 
• This change applies only to delta consumers 

We recommend planning this snapshot run into your workflows ahead of time to avoid any disruption. 

If you have any questions or need assistance, please contact Flexera Support.  

Flexera One ITAM: Security vulnerability - Lack of access control leading to attachment file disclosure (CVE‑2026‑4027)

A security vulnerability has been identified in FlexNet Manager Suite that could allow unauthorized access to attachment files due to insufficient access control. This issue occurs when the application does not properly validate user permissions before allowing access to file attachments.

CVE‑2026‑4027 - Observation 1: Lack of access control leading to attachment file disclosure

Impact

An unauthorized user may be able to access attachment files without the required permissions. This could lead to unintended exposure of sensitive information, impacting the confidentiality of data managed by the platform.

Affected Version

FlexNet Manager Suite 2025 R1

FlexNet Manager Suite 2025 R2

Resolution

This vulnerability has been fixed for cloud environments and will be available to customers as part of the Flexera One ITAM May 2026 release. The fix ensures that proper access control validation is enforced before allowing access to attachment files.

For on‑premises customers, the fix will be available in FlexNet Manager Suite 2026 R1.

Upgrade Guidance

• Cloud customers will receive the fix automatically as part of the Flexera One ITAM May 2026 release
• On‑premises customers should plan to upgrade to 2026 R1 once available to remediate this vulnerability

If you need assistance with the upgrade process, please contact Flexera Support.

Upcoming enhancements to the UI:  

1. Simplified Navigation 
2. Ask Flexera 
3. Manage Inactivity Timeout

We are excited to share a set of upcoming UI enhancements designed to make your Flexera One experience simpler and more efficient. In June, you will see the following updates: 

1. Simplified Navigation Experience 

We are introducing the first phase of a redesigned navigation framework to improve usability. 

What’s new: Frequently used, consistent items—such as Home, Dashboards, Reports, Administration, etc - will now appear at the top of the main navigation menu, in a dedicated section with a refreshed visual style. 

What stays the same: Other navigation items will continue to appear below this section as they do today. 

Why it matters: This update ensures faster, more consistent access to core areas of the platform. 

2. Introducing “Ask Flexera” navigation item

A new centralized hub for intelligent assistants is coming to your navigation. 

What’s new: The Ask Flexera navigation item will bring together:  

• ITAM Assistant 
• Data Explorer 
• GraphQL Query Generator 

Why it matters: You’ll have a single, convenient place to access powerful tools that help you explore data, generate insights, and streamline workflows. 

 3. Configurable Inactivity Timeout 

Organizations will soon have greater control over session management. 

What’s new: Org Admins can configure inactivity timeout settings anywhere between 30 minutes and 6 hours. 

Why it matters: This provides flexibility to align with your organization’s security and usability preferences, replacing the current fixed 30-minute timeout. 

We will continue to roll out improvements and keep you informed every step of the way. Stay tuned for more updates as we enhance your experience! 

For queries, please contact your Flexera representative.

My team and I spent the week in Las Vegas at ServiceNow Knowledge 2026, and the biggest shift wasn’t just more AI, it was AI moving from advice to action. 

I wrote up a practical breakdown of what ServiceNow announced and the one question teams should be asking next: Do we trust the data enough for the system to act on it? 

When AI starts acting across workflows and systems, bad technology data stops being a reporting problem and starts becoming an execution problem. Governance can control and audit the workflow, but it does not fix stale, incomplete, or poorly normalized data. 

👉 You can read the blog here: AI Execution Depends on Trusted Technology Data: Takeaways from ServiceNow Knowledge 2026 

Would love to hear what stood out to you from Knowledge and where you’re seeing the biggest challenges as automation starts to scale. 

Need to Know: Web Metering 2.0

Release Date

Web Metering 2.0 will be released as part of the FlexNet Inventory Agent 25.5.0 (2025 R2.5) on May 13 for Europe and APAC, and May 20 for the Americas.

For the Snow Inventory Agent, it will be available in version 26.1.1 on June 10.

What is it

Web Metering 2.0 is an enhanced capability within Flexera that enables tracking of web application usage through browser extensions integrated with both the FlexNet and Snow agents.

At its core, it introduces a new shared web metering module that operates across both agents, enabling direct communication between the browser extensions and the agent. This modern architecture replaces the previous file-based approach, resulting in a more secure and efficient data collection process.

How it works

Web Metering 2.0 improves the data flow by redefining how browser activity is captured and processed:

• Browser extensions capture URLs visited by users
• Data is sent directly to a local agent API over HTTP or HTTPS
• The module filters and processes URLs using Allow List rules
• Only relevant and sanitized data is retained and passed to the agent
• The agent consolidates the processed data and sends it upstream for SaaS usage recognition

What has changed

No raw browsing data stored on disk

URLs are now processed before being stored. Previously, raw browsing activity was cached on disk before being processed by the agent.

Stronger protection of sensitive data

Query parameters are removed from URLs by default. Enhanced Allow List rules control what data is retained and apply masking when Personal Information is detected.

Direct communication between extension and agent

The new web metering module introduces a write-only, machine-local API endpoint running on 127.0.0.1:40400, which is not externally accessible. TLS can be configured to encrypt communication between the browser extension and the agent.

Improved troubleshooting

The new module allows testing of URL matching and sensitive data removal directly from the command line.

Improved browser coverage

This design restores support for Apple Safari following previous limitations on extension-generated data.

The Firefox extension is now available in the Mozilla store, improving the installation and update experiences.

Consistent implementation across agents

A single, shared web metering module is used across both FlexNet and Snow agents, helping standardize behaviour and simplify deployment.

Security considerations

Web Metering 2.0 is designed with a strong security-first approach to ensure customer environments remain protected while delivering accurate SaaS usage insights.

The solution uses a machine-local, non-externally accessible communication mechanism, ensuring no additional external services or attack surfaces are introduced. TLS can be enabled to further secure communication between browser extensions and the agent.

Sensitive data exposure is minimized through filtering, masking, and by avoiding unnecessary data storage.

Importantly, the feature is fully customer-controlled and opt-in, preserving existing trust boundaries and ensuring organizations maintain complete control over their data and deployment.

Official release of FlexNet Inventory Agent 25.5.0

We are pleased to announce the release of the FlexNet Inventory Agent 25.5.0.

Release Date: EU/AP: 2026-05-13, NA: 2026-05-20

This release includes:

• Support for Unicode file names in PVU hardware inventory
• Verified inventory collection support for AWS Bottlerocket Linux
• New file size and publisher fields in agent usage (.mmi) file
• Least privilege mode support for the Kubernetes agent
• High-availability support for multiple KRM controllers
• Configurable limit for concurrent KRM image scans
• Improved collection of browser extension URL data for web metering
• Improved web metering URL processing for sensitive query parameters
• Fix for containerd inventory scan being skipped when Podman scanning is enabled
• Fix for backslash characters being replaced in beacon authentication usernames on UNIX-like operating systems
• Fix for Java version information being ignored
• Fix for missing diagnostic detail when an agent upgrade package fails signature verification
• Fix for ndtrack crash caused by invalid macOS bundle plist data
• Bundled software version updated

Customer Impact:

• Previously, some PVU hardware inventory files with Unicode characters in the filename (for example, usernames containing accented characters) could be skipped during processing. Now, these inventory files are handled correctly. This enhancement helps prevent unnecessary creation of duplicate inventory files.
• Inventory collection support for Bottlerocket Linux environments has been verified for the Flexera Kubernetes Inventory Agent (KRM) and the Linux inventory agent. This enhancement provides clearer deployment guidance for Kubernetes environments using Bottlerocket.
• Previously, the agent usage file (.mmi) did not include file size and publisher information. Now, the .mmi output includes these additional fields. This enhancement improves the usefulness of usage data for some reporting scenarios.
• Previously, the Kubernetes agent required elevated privileges to run, which could be a blocker in environments with strict security policies. Now, the Kubernetes agent can be run in a least privilege mode. This enhancement supports improved security posture and broader deployability.
• Previously, Kubernetes agent deployments did not support configuring multiple controllers in a high availability pattern. Now, multiple KRM controllers can be deployed so that only one is active while others remain passive and can take over if needed. This enhancement supports high availability requirements and improves resilience.
• Previously, the Kubernetes agent could initiate an unlimited number of concurrent container inventory scans when first deployed, which could result in a high volume of simultaneous requests to the Kubernetes API server. Now, the number of concurrent container inventory scans is limited to 10 by default. This limit is configurable to suit the environment's requirements.
• Previously, collecting web metering URL data from browser extensions had limitations in some environments (including Safari) and required approaches that were harder to standardize across browsers. Now, the solution for obtaining URL data has been improved and unified across supported browsers. This enhancement improves compatibility and supports future security and processing improvements.
• NOTE: This enhancement requires the updated browser extensions. The previous browser extensions are not compatible with this release.
• Previously, web metering URL collection could include unnecessary query parameter values that might contain sensitive information. Now, URL processing supports masking or dropping sensitive query parameters according to updated allowlist rules. This enhancement helps reduce privacy risk and unnecessary data transmission.
• Previously, enabling both containerd inventory scanning and Podman inventory scanning on the FlexNet Inventory Agent for Linux could cause containerd inventory collection to be skipped. This release resolves this issue.
• Previously, usernames containing backslash (\) characters (for example, in domain\user formats) could be rewritten with forward slashes (/) when applying configuration on UNIX-like operating systems. This release resolves this issue.
• Previously, valid Java version information could be ignored if the java -version command returned a non-zero exit code, even when the version output was present. This release resolves this issue.
• Previously, if a downloaded upgrade package failed signature verification, the agent logs could provide only a generic "Signature check failed" message without additional detail. This release resolves this issue.
• Previously, the FlexNet Inventory Agent for macOS could crash when reading certain bundle .plist files containing embedded newlines or carriage returns in key fields. This release resolves this issue.
• The OpenSSL, Go, Moby (replaced Docker), Podman, and Kubernetes third party libraries bundled with the agent have been updated in this release to address security vulnerabilities.

IMPORTANT

This release updates the Docker client library to be compatible with Docker Engine 29.3.x and 29.4.x. The update requires Docker Engine API version 1.40 or later to be present on the machine running fnms-docker-monitor. Docker versions 18 and 19, which use Docker Engine API version 1.39, are no longer supported. If the installed Docker Engine does not meet this requirement, fnms-docker-monitor will be unable to connect to the Docker API and will not collect any inventory data.

Product Documentation: Agent Documentation 

Please find more about the content of this release in the Release Notes.

Upcoming Change: IT Visibility – Data Export Retention Policy Update 

We’re updating the retention period for ZIP data exports available on the IT Visibility > Data Exports page. 

Starting in June 2026, all data exports will be retained for 30 days from the “Requested” date, after which they will be automatically and permanently deleted. 

 Rollout schedule by region 

• APAC: 1 June 2026 
• EU: 4 June 2026 
• NAM: 9 June 2026 

What this means for you 

• Any export requested on or after your region’s effective date will be available for download for 30 days. 
• Any existing exports that are already older than 30 days at the time of rollout will be permanently removed on the rollout date. 

What’s new 

To help you track this more easily, a new “Days Until Deletion” column will be added to the Data Exports page. This will show how many days remain before each export is deleted. 

Please ensure you download and securely store any exports you need before the 30‑day retention period expires. Once deleted, exports cannot be recovered. 

If you have any questions, please contact Flexera Support. 

MSP Users Access Management with Access Policies in Flexera One – Early Access

Release date: April 28, 2026

We’re excited to announce the Early Access release of MSP Users Access Management with Access Policies in Flexera One, enabling MSP partners to centrally manage and enforce user access across customer environments using consistent, policy-based controls. This enhancement strengthens governance while simplifying how MSPs administer user permissions at scale. 

Value Outcomes

• Reduced administrative effort through centralized, policy-based access management
• Improved security and compliance via consistent access enforcement
• Better scalability for MSP operations as customer and user volumes grow
• Increased confidence for both MSPs and customers in how access is governed within Flexera One 

Please reach out to your Flexera representative if you would like to join Early Access. Documentation can be provided upon request.