Vulnerability Priority Rating: Transition to VPR Version 2

On July 1, 2026, Tenable will standardize on an enhanced Vulnerability Priority Rating (VPR) model across the platform. This update promotes the previously released VPR (Beta) model to the primary VPR and retires the legacy VPR version 1.

The updated VPR model incorporates expanded threat intelligence, improved machine learning, and additional vulnerability context to provide more accurate and actionable risk prioritization. As a result, you may see changes to VPR scores across your environment.

For more information, see the Vulnerability Priority Rating Risk Scoring Enhancements FAQ and the Product Announcement.

What this means for API users

For most API endpoints, no action is required. Existing VPR fields will automatically reflect VPR v2 data, ensuring compatibility with your current integrations and workflows.

However, a small number of endpoints include VPR v2-specific parameters and response properties that were introduced during the beta period. These items will be deprecated on July 1, 2026 and require updates to your integrations.

Filter parameters

The following endpoints support both vpr_score and vpr_v2_score filter parameters:

• Vulnerability Management: Export vulnerabilities
• Web App Scanning: Export findings

The vpr_v2_score parameter will be deprecated. If your integrations currently use vpr_v2_score, update them to use vpr_score instead. Beginning July 1, vpr_score will reflect the updated VPR model.

Response properties

The following endpoints return both plugin.vpr and plugin.vpr_v2 objects:

• Vulnerability Management: Download vulnerabilities chunk
• Web App Scanning: Download findings export chunk

The plugin.vpr_v2 object will be deprecated. Update your integrations to use the plugin.vpr object instead. After July 1, plugin.vpr will reflect the updated VPR model.

🛑

Caution

The vpr_v2_score filter parameter and plugin.vpr_v2 response property is scheduled for deprecation on July 1, 2026 as part of the transition to VPR v2. To ensure continued functionality, update any existing integrations to use vpr_score and plugin.vpr. On the deprecation date, the API will be updated to support the new VPR model.