Skip to main content

Documentation Index

Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt

Use this file to discover all available pages before exploring further.

ReleaseBloodHoundOpenHoundSharpHoundAzureHound
2026-05-28v9.2.0No releasev2.13.0No release
Use the filters on the right side of this page to narrow down the updates by component. You can select multiple filters at the same time to refine your results.
BloodHound
Explore
Enhancement

Eligible Roles in the Entity Panel

Review privileged role context directly from the Entity Panel with a new Eligible Roles accordion for supported Azure principals.The accordion shows whether a user or group is eligible to activate a privileged role through AZRoleEligible relationships and whether that principal can approve a role activation request through AZRoleApprover relationships.This gives you quick, node-level context without requiring you to inspect attack paths, which improves usability and discoverability during graph exploration.
Screenshot of Eligible Roles accordion in the Entity Panel
BloodHound
Explore
Enhancement

Search Result Node Selection

Move from Search results to entity analysis faster with automatic node selection and immediate Entity Panel context.When you click a search result, the corresponding node is now automatically selected in the graph, and the Entity Panel opens with that node’s details.This eliminates the extra step of manually clicking the node after searching, streamlining your workflow and allowing you to quickly pivot from search results to deeper analysis.
Animated view of Search result selection and Entity Panel opening
BloodHound
Cypher
Enhancement

Relationship and Node Filtering Support

Use relationships(), startNode(), endNode(), and nodes() functions to inspect paths, filter by relationship data and endpoint node properties, and access the ordered list of nodes in traversal order.
BloodHound
Cypher
Enhancement

List Expansion

Expand a list into individual rows using UNWIND.UNWIND transforms a list expression into individual rows, making it possible to filter, aggregate, or sort each value separately.
BloodHound
Cypher
Enhancement

List Navigation

Access the first element in a list or all elements except the first element in a list.The head() and tail() functions help you inspect list values returned by other Cypher expressions, including node and relationship lists derived from paths.
BloodHound
Cypher
Enhancement

Query Result Sorting

Sort Cypher query results in ascending or descending order using the ORDER BY clause.Use ORDER BY with RETURN or WITH to sort results by a projected value. Ascending order is the default; append DESC for descending order.
BloodHound
Cypher
Enhancement

Multi-part Query Support

Chain query parts and pass intermediate results between them using the WITH clause.WITH lets you aggregate, filter, or alias results from one part of a query before continuing to the next. Complex queries that use WITH for aggregation and path materialization now work more reliably on PostgreSQL backends.
BloodHound
Cypher
Enhancement

Faster LIMIT Clause Evaluation

LIMIT clauses now evaluate significantly faster on PostgreSQL backends. Queries like the following return results near-instantaneously instead of hitting memory limits:
MATCH p=(a:User)-[*1..3]->(c:Computer)
RETURN p LIMIT 20
BloodHound
OpenGraph
Enhancement

Stronger OpenGraph Kind Validation

BloodHound now rejects uploads that use the reserved tag_ prefix (case-insensitive) in custom node and edge kinds. This applies to both extension definition schemas and data payloads.If you maintain extension definition schemas or data payloads, update any affected kinds to avoid failed uploads.
BloodHound
OpenGraph
Enhancement

Updated Node Schema

The OpenGraph node JSON schema now demonstrates environmentid and collected properties.This provides clearer guidance for extension developers building payloads that align with BloodHound ingest expectations, especially for extensions that produce findings and risk metrics.
BloodHound
Risk Metrics
Enhancement

Exposure Tooltip Improvements

BloodHound Enterprise logoThe Exposed tooltip on the Attack Paths page now uses platform-agnostic language. Previously, it defined exposure in terms of Active Directory and Entra object types only. As OpenGraph extensions expand BloodHound beyond Active Directory and Azure, that definition is no longer accurate.The updated tooltip instead describes exposure as a percentage of identities that can reach a privileged asset through at least one attack path.
Screenshot of updated Exposed tooltip on Attack Paths page
BloodHound
Fixed Issues

Analysis

  • Resolved an ADCS post-processing issue where managed service accounts (gMSA and sMSA) could be incorrectly filtered from certificate enrollment paths when certificate templates have SubjectAltRequireDNS or SubjectAltRequireDomainDNS enabled.
  • Resolved an issue where CoerceAndRelayNTLMToADCS edges could be incorrectly dropped and recreated during analysis, resetting their first_seen property even when no change occurred. In BloodHound Enterprise, this could cause related findings to appear remediated and then be rediscovered.

API

  • Resolved an issue where non-administrator users could trigger the Analyze Now API action through direct requests.
  • Resolved issues where filtering string fields with numeric or boolean-like values was interpreted incorrectly, causing API errors or incorrect filtering behavior.

Cypher

  • Resolved an issue where variable-length relationships with a lower bound of 0 did not correctly handle zero-hop matching; when a relationship resolves to 0 hops, the nodes on either side now bind to the same node.
  • Resolved an issue where Cypher equality comparisons for objectid values could fail when the values contained special characters.
  • Resolved an issue where combining AD_ATTACK_PATHS and AZ_ATTACK_PATHS edge shortcuts with the pipe character (|) would fail to return results from both shortcuts.
  • Resolved an issue where filtering edges by lastseen using duration-based date ranges would fail with a type compatibility error.

UI

  • Resolved an issue where importing many files at once (such as a large Cypher query library) caused the file list to expand beyond the viewport, pushing the Upload button off-screen and requiring users to zoom out to proceed. File lists now scroll within the dialog.
  • Resolved an issue where the Administration pop-out panel in the navigation sidebar could close before users selected an option.
  • Resolved an issue where filtering the Finished Jobs Log after paging could show empty results due to stale page state.
  • Resolved an issue where graph labels could render on top of node icons, reducing readability.
  • Resolved an issue where password validation in the UI for creating users was inconsistent with the API validation rules.

Access Control

BloodHound Enterprise logo
  • Resolved an issue where ETAC-scoped users could see unauthorized environments in filters on the Attack Paths, Explore, and Posture pages.
  • Resolved an issue where ETAC-scoped users could not view data from their assigned environments on the Explore page.
  • Resolved an issue where administrators could not assign an environment defined by an OpenGraph extension to a user during ETAC configuration.
SharpHound
Fixed Issues

Collection and Edge Accuracy

  • Resolved an issue where local principal kinds were labeled inconsistently, which could lead to incorrect handling of local group and local user objects.
  • Resolved an issue where AllowedToDelegate edges were not created when msDS-AllowedToDelegateTo values existed but specific delegation flags were not set.
AzureHound
Fixed Issues

Collection Compatibility

BloodHound Enterprise logo Resolved an issue for hosted edge-* AzureHound container images where an invalid collector version string caused BloodHound to reject uploads from the collector as unsupported.