Qualys incident

All Shared Platforms: WAS Authentication is failed with parameterized credentials

Minor Resolved View vendor source →

Qualys experienced a minor incident on April 17, 2026 affecting Web Application Scanning (WAS) and Web Application Scanning (WAS) and 1 more component, lasting 2d 17h. The incident has been resolved; the full update timeline is below.

Started
Apr 17, 2026, 12:32 PM UTC
Resolved
Apr 20, 2026, 06:29 AM UTC
Duration
2d 17h
Detected by Pingoru
Apr 17, 2026, 12:32 PM UTC

Affected components

Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)Web Application Scanning (WAS)

Update timeline

  1. investigating Apr 17, 2026, 12:32 PM UTC

    Qualys Cloud Operations has detected an issue impacting WAS/TAS authentication scans when parameterized credentials are used in the latest WAS 10.16 release. Further updates will be shared as they become available. Workaround: As a temporary workaround, users are advised to disable the “Add credentials to Selenium Script” option and instead manually hardcode the required credential values directly into the Selenium script. This approach has been verified to restore successful authentication. The ticket reference for this incident is IM-12596.

  2. identified Apr 17, 2026, 01:29 PM UTC

    The issue has been identified and currently working on the fix.

  3. resolved Apr 20, 2026, 06:29 AM UTC

    This incident has been resolved.