
    577 vulnerabilities by Tenable

    CERTFR-2026-AVI-0804

    Vulnerability from certfr_avis - Published: 2026-06-26 - Updated: 2026-06-26

    Multiple vulnerabilities have been discovered in Tenable Nessus. They allow an attacker to cause an SQL injection (SQLi).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Tenable Nessus Nessus versions prior to 10.12.0
    References
    Tenable security bulletin tns-2026-17 2026-06-24 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Nessus versions ant\u00e9rieures \u00e0 10.12.0",
          "product": {
            "name": "Nessus",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-57588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-57588"
        },
        {
          "name": "CVE-2026-57587",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-57587"
        }
      ],
      "initial_release_date": "2026-06-26T00:00:00",
      "last_revision_date": "2026-06-26T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0804",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-26T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection SQL (SQLi)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus. Elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
      "vendor_advisories": [
        {
          "published_at": "2026-06-24",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-17",
          "url": "https://www.tenable.com/security/tns-2026-17"
        }
      ]
    }

    CERTFR-2026-AVI-0796

    Vulnerability from certfr_avis - Published: 2026-06-24 - Updated: 2026-06-24

    Multiple vulnerabilities have been discovered in Tenable Identity Exposure. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Tenable Identity Exposure Tenable Identity Exposure versions prior to v3.93.5
    References
    Tenable security bulletin tns-2026-16 2026-06-23 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Tenable Identity Exposure versions ant\u00e9rieures \u00e0 v3.93.5",
          "product": {
            "name": "Identity Exposure",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-66199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
        },
        {
          "name": "CVE-2026-42789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42789"
        },
        {
          "name": "CVE-2026-21637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
        },
        {
          "name": "CVE-2026-34180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34180"
        },
        {
          "name": "CVE-2025-55248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
        },
        {
          "name": "CVE-2026-35188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35188"
        },
        {
          "name": "CVE-2026-42766",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42766"
        },
        {
          "name": "CVE-2026-9076",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9076"
        },
        {
          "name": "CVE-2025-15469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
        },
        {
          "name": "CVE-2026-1965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
        },
        {
          "name": "CVE-2026-34181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34181"
        },
        {
          "name": "CVE-2026-42790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42790"
        },
        {
          "name": "CVE-2026-42770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42770"
        },
        {
          "name": "CVE-2025-69419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
        },
        {
          "name": "CVE-2026-3783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
        },
        {
          "name": "CVE-2026-6429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6429"
        },
        {
          "name": "CVE-2026-32167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32167"
        },
        {
          "name": "CVE-2026-32175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32175"
        },
        {
          "name": "CVE-2026-28386",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28386"
        },
        {
          "name": "CVE-2026-45445",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45445"
        },
        {
          "name": "CVE-2026-45591",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45591"
        },
        {
          "name": "CVE-2025-15467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
        },
        {
          "name": "CVE-2025-55130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
        },
        {
          "name": "CVE-2025-55131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
        },
        {
          "name": "CVE-2025-59465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
        },
        {
          "name": "CVE-2026-7383",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7383"
        },
        {
          "name": "CVE-2026-21715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
        },
        {
          "name": "CVE-2026-42771",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42771"
        },
        {
          "name": "CVE-2026-35433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35433"
        },
        {
          "name": "CVE-2026-22795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
        },
        {
          "name": "CVE-2026-26130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26130"
        },
        {
          "name": "CVE-2026-33120",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33120"
        },
        {
          "name": "CVE-2026-28389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
        },
        {
          "name": "CVE-2026-42765",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42765"
        },
        {
          "name": "CVE-2026-21717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
        },
        {
          "name": "CVE-2025-69421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
        },
        {
          "name": "CVE-2026-42769",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42769"
        },
        {
          "name": "CVE-2026-6253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6253"
        },
        {
          "name": "CVE-2026-7009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7009"
        },
        {
          "name": "CVE-2026-21716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
        },
        {
          "name": "CVE-2026-22796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
        },
        {
          "name": "CVE-2026-42899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42899"
        },
        {
          "name": "CVE-2026-21262",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21262"
        },
        {
          "name": "CVE-2026-26171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26171"
        },
        {
          "name": "CVE-2026-32203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32203"
        },
        {
          "name": "CVE-2025-55132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
        },
        {
          "name": "CVE-2026-45447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45447"
        },
        {
          "name": "CVE-2025-55247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
        },
        {
          "name": "CVE-2025-14017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
        },
        {
          "name": "CVE-2026-3805",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3805"
        },
        {
          "name": "CVE-2026-28387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
        },
        {
          "name": "CVE-2026-28388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
        },
        {
          "name": "CVE-2026-32177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32177"
        },
        {
          "name": "CVE-2026-21714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
        },
        {
          "name": "CVE-2026-45446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45446"
        },
        {
          "name": "CVE-2026-40370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40370"
        },
        {
          "name": "CVE-2026-13007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-13007"
        },
        {
          "name": "CVE-2025-68160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
        },
        {
          "name": "CVE-2026-34183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34183"
        },
        {
          "name": "CVE-2025-13034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13034"
        },
        {
          "name": "CVE-2026-28390",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
        },
        {
          "name": "CVE-2026-45490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45490"
        },
        {
          "name": "CVE-2025-14524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
        },
        {
          "name": "CVE-2026-42767",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42767"
        },
        {
          "name": "CVE-2026-4873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4873"
        },
        {
          "name": "CVE-2025-69418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
        },
        {
          "name": "CVE-2025-59466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
        },
        {
          "name": "CVE-2025-15468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
        },
        {
          "name": "CVE-2026-21713",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
        },
        {
          "name": "CVE-2026-33116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33116"
        },
        {
          "name": "CVE-2026-42764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42764"
        },
        {
          "name": "CVE-2026-31789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
        },
        {
          "name": "CVE-2026-5773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5773"
        },
        {
          "name": "CVE-2026-32178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32178"
        },
        {
          "name": "CVE-2026-6276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6276"
        },
        {
          "name": "CVE-2026-42768",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42768"
        },
        {
          "name": "CVE-2025-11187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
        },
        {
          "name": "CVE-2025-15079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
        },
        {
          "name": "CVE-2026-2673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
        },
        {
          "name": "CVE-2026-45491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45491"
        },
        {
          "name": "CVE-2025-14819",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
        },
        {
          "name": "CVE-2026-34182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34182"
        },
        {
          "name": "CVE-2025-55315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
        },
        {
          "name": "CVE-2026-21218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21218"
        },
        {
          "name": "CVE-2026-7168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7168"
        },
        {
          "name": "CVE-2026-32176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32176"
        },
        {
          "name": "CVE-2025-69420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
        },
        {
          "name": "CVE-2025-15224",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
        },
        {
          "name": "CVE-2026-31790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
        },
        {
          "name": "CVE-2026-5545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5545"
        },
        {
          "name": "CVE-2026-21710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
        },
        {
          "name": "CVE-2026-3784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
        }
      ],
      "initial_release_date": "2026-06-24T00:00:00",
      "last_revision_date": "2026-06-24T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0796",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-24T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Identity Exposure",
      "vendor_advisories": [
        {
          "published_at": "2026-06-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-16",
          "url": "https://www.tenable.com/security/tns-2026-16"
        }
      ]
    }

    CERTFR-2026-AVI-0630

    Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22

    Multiple vulnerabilities have been discovered in Tenable Sensor Proxy. They allow an attacker to cause a remote denial of service, a breach of data confidentiality, and a security issue not specified by the vendor.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Tenable Sensor Proxy Sensor Proxy versions prior to 1.4.0
    References
    Tenable security bulletin tns-2026-15 2026-05-21 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Sensor Proxy versions ant\u00e9rieures \u00e0 1.4.0",
          "product": {
            "name": "Sensor Proxy",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-24989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24989"
        },
        {
          "name": "CVE-2024-7347",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7347"
        },
        {
          "name": "CVE-2024-34161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34161"
        },
        {
          "name": "CVE-2024-32760",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32760"
        },
        {
          "name": "CVE-2024-39702",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39702"
        },
        {
          "name": "CVE-2024-35200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35200"
        },
        {
          "name": "CVE-2024-31079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-31079"
        },
        {
          "name": "CVE-2024-24990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24990"
        }
      ],
      "initial_release_date": "2026-05-22T00:00:00",
      "last_revision_date": "2026-05-22T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0630",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-22T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Sensor Proxy. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Sensor Proxy",
      "vendor_advisories": [
        {
          "published_at": "2026-05-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-15",
          "url": "https://www.tenable.com/security/tns-2026-15"
        }
      ]
    }

    CERTFR-2026-AVI-0489

    Vulnerability from certfr_avis - Published: 2026-04-24 - Updated: 2026-04-24

    A vulnerability has been discovered in Tenable products. It allows an attacker to cause arbitrary code execution and a breach of data integrity.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Tenable Nessus Nessus versions prior to 10.11.4
    Tenable Nessus Agent Nessus Agent versions prior to 11.1.3
    References
    Tenable security bulletin tns-2026-12 2026-04-23 vendor-advisory
    Tenable security bulletin tns-2026-13 2026-04-23 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Nessus versions ant\u00e9rieures \u00e0 10.11.4",
          "product": {
            "name": "Nessus",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        },
        {
          "description": "Nessus Agent versions ant\u00e9rieures \u00e0 11.1.3",
          "product": {
            "name": "Nessus Agent",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-33694",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33694"
        }
      ],
      "initial_release_date": "2026-04-24T00:00:00",
      "last_revision_date": "2026-04-24T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0489",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-24T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Tenable. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans les produits Tenable",
      "vendor_advisories": [
        {
          "published_at": "2026-04-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-12",
          "url": "https://www.tenable.com/security/tns-2026-12"
        },
        {
          "published_at": "2026-04-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-13",
          "url": "https://www.tenable.com/security/tns-2026-13"
        }
      ]
    }

    CERTFR-2026-AVI-0436

    Vulnerability from certfr_avis - Published: 2026-04-15 - Updated: 2026-04-16

    Multiple vulnerabilities have been discovered in Tenable Identity Exposure. Some of them allow an attacker to cause privilege escalation, a remote denial of service, and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Tenable Identity Exposure Identity Exposure versions prior to 3.77.17
    References
    Tenable security bulletin tns-2026-11 2026-04-14 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.17",
          "product": {
            "name": "Identity Exposure",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-23943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23943"
        },
        {
          "name": "CVE-2026-21637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
        },
        {
          "name": "CVE-2026-23942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23942"
        },
        {
          "name": "CVE-2026-1965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
        },
        {
          "name": "CVE-2026-23941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23941"
        },
        {
          "name": "CVE-2026-3783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
        },
        {
          "name": "CVE-2025-55130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
        },
        {
          "name": "CVE-2025-55131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
        },
        {
          "name": "CVE-2025-59465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
        },
        {
          "name": "CVE-2026-21715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
        },
        {
          "name": "CVE-2026-26130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26130"
        },
        {
          "name": "CVE-2026-21717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
        },
        {
          "name": "CVE-2026-21716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
        },
        {
          "name": "CVE-2026-21262",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21262"
        },
        {
          "name": "CVE-2025-55132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
        },
        {
          "name": "CVE-2026-3805",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3805"
        },
        {
          "name": "CVE-2026-26115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26115"
        },
        {
          "name": "CVE-2026-21714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
        },
        {
          "name": "CVE-2025-59466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
        },
        {
          "name": "CVE-2026-21713",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
        },
        {
          "name": "CVE-2026-21218",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21218"
        },
        {
          "name": "CVE-2026-21710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
        },
        {
          "name": "CVE-2026-3784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
        }
      ],
      "initial_release_date": "2026-04-15T00:00:00",
      "last_revision_date": "2026-04-16T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0436",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-15T00:00:00.000000"
        },
        {
          "description": "Ajout des identifiants CVE-2026-1965, CVE-2026-3783, CVE-2026-3784 et CVE-2026-3805.",
          "revision_date": "2026-04-16T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Identity Exposure",
      "vendor_advisories": [
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-11",
          "url": "https://www.tenable.com/security/tns-2026-11"
        }
      ]
    }

    CERTFR-2026-AVI-0415

    Vulnerability from certfr_avis - Published: 2026-04-10 - Updated: 2026-04-10

    Multiple vulnerabilities have been discovered in Tenable Security Center. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Tenable Security Center Security Center versions 6.5.1, 6.6.0, 6.7.2 and 6.8.0 without security patch SC202604.1
    References
    Tenable security bulletin tns-2026-10 2026-04-07 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Security Center versions 6.5.1, 6.6.0, 6.7.2 et 6.8.0 sans le correctif de s\u00e9curit\u00e9 SC202604.1",
          "product": {
            "name": "Security Center",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-2006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
        },
        {
          "name": "CVE-2026-2005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
        },
        {
          "name": "CVE-2026-2003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
        },
        {
          "name": "CVE-2026-2004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
        }
      ],
      "initial_release_date": "2026-04-10T00:00:00",
      "last_revision_date": "2026-04-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0415",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
      "vendor_advisories": [
        {
          "published_at": "2026-04-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-10",
          "url": "https://www.tenable.com/security/tns-2026-10"
        }
      ]
    }

    CERTFR-2026-AVI-0351

    Vulnerability from certfr_avis - Published: 2026-03-25 - Updated: 2026-03-25

    A vulnerability has been discovered in Tenable OT Platform. It allows an attacker to cause a breach of data confidentiality.

    Solutions

    Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Tenable | OT Platform | OT Platform versions prior to 4.2.40 without security patch tenable-ot-platform-137
    References
    Tenable security advisory tns-2026-9 | 2026-03-19 | vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "OT Platform versions ant\u00e9rieures \u00e0 4.2.40 sans le correctif de s\u00e9curit\u00e9 tenable-ot-platform-137",
          "product": {
            "name": "OT Platform",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-4433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4433"
        }
      ],
      "initial_release_date": "2026-03-25T00:00:00",
      "last_revision_date": "2026-03-25T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0351",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-25T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Tenable OT Platform. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Tenable OT Platform",
      "vendor_advisories": [
        {
          "published_at": "2026-03-19",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-9",
          "url": "https://www.tenable.com/security/tns-2026-9"
        }
      ]
    }

    CERTFR-2026-AVI-0234

    Vulnerability from certfr_avis - Published: 2026-03-04 - Updated: 2026-03-04

    A vulnerability has been discovered in Tenable Nessus Manager. It allows an attacker to cause a breach of data confidentiality.

    Solutions

    Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Tenable | Nessus Manager | Nessus Manager versions prior to 10.10.3
    Tenable | Nessus Manager | Nessus Manager versions 10.11.x prior to 10.11.3
    References
    Tenable security advisory tns-2026-08 | 2026-03-03 | vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Nessus Manager versions ant\u00e9rieures \u00e0 10.10.3 ",
          "product": {
            "name": "Nessus Manager",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        },
        {
          "description": "Nessus Manager versions 10.11.x ant\u00e9rieures \u00e0 10.11.3",
          "product": {
            "name": "Nessus Manager",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-3493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3493"
        }
      ],
      "initial_release_date": "2026-03-04T00:00:00",
      "last_revision_date": "2026-03-04T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0234",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-04T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Tenable Nessus Manager. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Tenable Nessus Manager",
      "vendor_advisories": [
        {
          "published_at": "2026-03-03",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-08",
          "url": "https://www.tenable.com/security/tns-2026-08"
        }
      ]
    }

    CERTFR-2026-AVI-0187

    Vulnerability from certfr_avis - Published: 2026-02-19 - Updated: 2026-02-23

    Multiple vulnerabilities have been discovered in Tenable Security Center. Some of them allow an attacker to cause privilege escalation, a remote denial of service and a security policy bypass.

    Solutions

    Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Tenable | Security Center | Security Center versions prior to 6.8.0
    References
    Tenable security advisory tns-2026-07 | 2026-02-18 | vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Security Center versions ant\u00e9rieures \u00e0 6.8.0",
          "product": {
            "name": "Security Center",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2023-6918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
        },
        {
          "name": "CVE-2025-12818",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
        },
        {
          "name": "CVE-2026-2697",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2697"
        },
        {
          "name": "CVE-2026-2698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2698"
        }
      ],
      "initial_release_date": "2026-02-19T00:00:00",
      "last_revision_date": "2026-02-23T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0187",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-02-19T00:00:00.000000"
        },
        {
          "description": "Retrait de l\u0027identifiant CVE-2021-46743 suite \u00e0 la mise \u00e0 jour de l\u0027avis \u00e9diteur",
          "revision_date": "2026-02-23T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
      "vendor_advisories": [
        {
          "published_at": "2026-02-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-07",
          "url": "https://www.tenable.com/security/tns-2026-07"
        }
      ]
    }

    CERTFR-2026-AVI-0178

    Vulnerability from certfr_avis - Published: 2026-02-18 - Updated: 2026-02-18

    Multiple vulnerabilities have been discovered in Tenable Security Center. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

    Solutions

    Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Tenable | Security Center | Security Center versions 6.5.x prior to 6.5.1 without security patches SC-202602.1 and SC-202602.2
    Tenable | Security Center | Security Center versions 6.6.x prior to 6.6.0 without security patches SC-202602.1 and SC-202602.2
    Tenable | Security Center | Security Center versions 6.7.x prior to 6.7.2 without security patches SC-202602.1 and SC-202602.2
    References
    Tenable security advisory tns-2026-06 | 2026-02-17 | vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Security Center versions 6.5.x ant\u00e9rieures \u00e0 6.5.1 sans les correctifs de s\u00e9curit\u00e9 SC-202602.1 et SC-202602.2",
          "product": {
            "name": "Security Center",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        },
        {
          "description": "Security Center versions 6.6.x ant\u00e9rieures \u00e0 6.6.0 sans les correctifs de s\u00e9curit\u00e9 SC-202602.1 et SC-202602.2",
          "product": {
            "name": "Security Center",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        },
        {
          "description": "Security Center versions 6.7.x ant\u00e9rieures \u00e0 6.7.2 sans les correctifs de s\u00e9curit\u00e9 SC-202602.1 et SC-202602.2",
          "product": {
            "name": "Security Center",
            "vendor": {
              "name": "Tenable",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-14177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14177"
        },
        {
          "name": "CVE-2025-14017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
        },
        {
          "name": "CVE-2025-54090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54090"
        },
        {
          "name": "CVE-2025-13034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13034"
        },
        {
          "name": "CVE-2025-14180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14180"
        },
        {
          "name": "CVE-2025-14524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
        },
        {
          "name": "CVE-2025-15079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
        },
        {
          "name": "CVE-2026-2630",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2630"
        },
        {
          "name": "CVE-2025-14819",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
        },
        {
          "name": "CVE-2025-14178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14178"
        },
        {
          "name": "CVE-2025-15224",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
        }
      ],
      "initial_release_date": "2026-02-18T00:00:00",
      "last_revision_date": "2026-02-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0178",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-02-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
      "vendor_advisories": [
        {
          "published_at": "2026-02-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2026-06",
          "url": "https://www.tenable.com/security/tns-2026-06"
        }
      ]
    }

    CVE-2026-57588 (GCVE-0-2026-57588)

    Vulnerability from nvd – Published: 2026-06-25 13:47 – Updated: 2026-06-25 15:49
    Title
    SQL Injection in Nessus via Malicious Scan Result File Import
    Summary
    A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    tenable
    References
    TNS-2026-17 (vendor-advisory): https://www.tenable.com/security/tns-2026-17
    Impacted products
    Vendor | Product | Version
    tenable | Nessus | Affected: prior to 10.12.1
    Date Public
    2026-06-25 00:00
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T15:33:30.885696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T15:33:40.841Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nessus",
              "vendor": "tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 10.12.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "temporalScore": 3.1,
                "temporalSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 1.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:49:55.857Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "TNS-2026-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2026-17"
            }
          ],
          "title": "SQL Injection in Nessus via Malicious Scan Result File Import",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-57588",
        "datePublished": "2026-06-25T13:47:27.757Z",
        "dateReserved": "2026-06-24T19:21:39.666Z",
        "dateUpdated": "2026-06-25T15:49:55.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57587 (GCVE-0-2026-57587)

    Vulnerability from nvd – Published: 2026-06-25 13:47 – Updated: 2026-06-25 15:49
    Title
    SQL Injection in Nessus via Reverse DNS Lookup
    Summary
    A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    tenable
    References
    TNS-2026-17 (vendor-advisory): https://www.tenable.com/security/tns-2026-17
    Impacted products
    Vendor | Product | Version
    tenable | Nessus | Affected: prior to 10.12.1
    Date Public
    2026-06-25 00:00
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T15:34:47.945679Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T15:35:03.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nessus",
              "vendor": "tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 10.12.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "temporalScore": 4.9,
                "temporalSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:49:55.625Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "TNS-2026-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2026-17"
            }
          ],
          "title": "SQL Injection in Nessus via Reverse DNS Lookup",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-57587",
        "datePublished": "2026-06-25T13:47:27.497Z",
        "dateReserved": "2026-06-24T19:21:39.666Z",
        "dateUpdated": "2026-06-25T15:49:55.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13007 (GCVE-0-2026-13007)

    Vulnerability from nvd – Published: 2026-06-23 15:59 – Updated: 2026-06-23 17:48
    Title
    Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure
    Summary
    Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-524 - Use of Cache Containing Sensitive Information
    Assigner
    tenable
    References
    TNS-2026-16 (vendor-advisory): https://www.tenable.com/security/research/tns-2026-16
    Impacted products
    Vendor | Product | Version
    tenable | Tenable Identity Exposure | Affected: 0, < 3.93.5 (semver)
    Date Public
    2026-06-23 00:00
    Credits
    Cobalt (Tenable-commissioned penetration test)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:47:42.661656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:48:03.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tenable Identity Exposure",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThan": "3.93.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cobalt (Tenable-commissioned penetration test)"
            }
          ],
          "datePublic": "2026-06-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "Use of Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T15:59:50.522Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "TNS-2026-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tenable.com/security/research/tns-2026-16"
            }
          ],
          "title": "Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-13007",
        "datePublished": "2026-06-23T15:59:50.522Z",
        "dateReserved": "2026-06-23T14:57:21.550Z",
        "dateUpdated": "2026-06-23T17:48:03.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47358 (GCVE-0-2026-47358)

    Vulnerability from nvd – Published: 2026-05-19 15:53 – Updated: 2026-05-19 17:08
    Summary
    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Terrascan Affected: 0 , ≤ 1.18.3 (semver)
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T17:07:58.328388Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T17:08:41.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Terrascan",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThanOrEqual": "1.18.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "Externally Controlled Reference to a Resource in Another Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T15:53:09.261Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "Terrascan GitHub Repository",
              "url": "https://github.com/tenable/terrascan"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-47358",
        "datePublished": "2026-05-19T15:53:09.261Z",
        "dateReserved": "2026-05-19T13:49:09.883Z",
        "dateUpdated": "2026-05-19T17:08:41.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47357 (GCVE-0-2026-47357)

    Vulnerability from nvd – Published: 2026-05-19 15:53 – Updated: 2026-05-19 17:09
    Summary
    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Terrascan Affected: 0 , ≤ 1.18.3 (semver)
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T17:09:02.885966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T17:09:32.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Terrascan",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThanOrEqual": "1.18.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to \"http\". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter\u0027s HttpGetter supports the X-Terraform-Get response header, allowing the attacker\u0027s server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "Externally Controlled Reference to a Resource in Another Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T15:53:05.222Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "Terrascan GitHub Repository",
              "url": "https://github.com/tenable/terrascan"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-47357",
        "datePublished": "2026-05-19T15:53:05.222Z",
        "dateReserved": "2026-05-19T13:49:09.883Z",
        "dateUpdated": "2026-05-19T17:09:32.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47356 (GCVE-0-2026-47356)

    Vulnerability from nvd – Published: 2026-05-19 15:53 – Updated: 2026-05-19 17:10
    Summary
    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Terrascan Affected: 0 , ≤ 1.18.3 (semver)
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T17:10:14.189839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T17:10:33.161Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Terrascan",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThanOrEqual": "1.18.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T15:53:04.821Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "Terrascan GitHub Repository",
              "url": "https://github.com/tenable/terrascan"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-47356",
        "datePublished": "2026-05-19T15:53:04.821Z",
        "dateReserved": "2026-05-19T13:49:09.883Z",
        "dateUpdated": "2026-05-19T17:10:33.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2698 (GCVE-0-2026-2698)

    Vulnerability from nvd – Published: 2026-02-23 16:28 – Updated: 2026-02-23 18:17
    Title
    Improper Access Control
    Summary
    An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    Tenable Security Center Affected: 0 , < 6.8.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:17:07.564162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:17:26.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "6.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope."
                }
              ],
              "value": "An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T16:28:07.711Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://https://www.tenable.com/security/tns-2026-07"
            },
            {
              "url": "https://https://docs.tenable.com/release-notes/Content/security-center/2026.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote: \u003c/strong\u003ePatches that include fixes for \u003cu\u003eApache, PHP and Libcurl\u003c/u\u003e\u0026nbsp;were recently released (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/security/tns-2026-06)\"\u003ehttps://www.tenable.com/security/tns-2026-06)\u003c/a\u003e. Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.tenable.com/release-notes/Content/security-center/2026.htm\"\u003eTenable SC Release Notes\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e"
                }
              ],
              "value": "Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/security-center \n\nNote: Patches that include fixes for Apache, PHP and Libcurl\u00a0were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the  Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm \u00a0for more information."
            }
          ],
          "source": {
            "advisory": "tns-2026-07",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2698",
        "datePublished": "2026-02-23T16:28:07.711Z",
        "dateReserved": "2026-02-18T15:44:14.404Z",
        "dateUpdated": "2026-02-23T18:17:26.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2697 (GCVE-0-2026-2697)

    Vulnerability from nvd – Published: 2026-02-23 15:17 – Updated: 2026-02-26 14:44
    Title
    Indirect Object Reference (IDOR) in Security Center
    Summary
    An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Security Center Affected: 0 , < 6.8.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2697",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T04:56:37.938906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:10.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "6.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter."
                }
              ],
              "value": "An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T15:17:13.031Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2026-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote: \u003c/strong\u003ePatches that include fixes for \u003cu\u003eApache, PHP and Libcurl\u003c/u\u003e\u0026nbsp;were recently released (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/security/tns-2026-06)\"\u003ehttps://www.tenable.com/security/tns-2026-06)\u003c/a\u003e. Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.tenable.com/release-notes/Content/security-center/2026.htm\"\u003eTenable SC Release Notes\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e"
                }
              ],
              "value": "Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/security-center \n\nNote: Patches that include fixes for Apache, PHP and Libcurl\u00a0were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the  Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm \u00a0for more information."
            }
          ],
          "source": {
            "advisory": "tns-2026-07",
            "discovery": "EXTERNAL"
          },
          "title": "Indirect Object Reference (IDOR) in Security Center",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2697",
        "datePublished": "2026-02-23T15:17:13.031Z",
        "dateReserved": "2026-02-18T15:05:03.676Z",
        "dateUpdated": "2026-02-26T14:44:10.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2630 (GCVE-0-2026-2630)

    Vulnerability from nvd – Published: 2026-02-17 18:19 – Updated: 2026-02-26 14:44
    Title
    [R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2
    Summary
    A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Security Center Affected: 0 , ≤ 6.7.2 (semver)
    Date Public
    2026-02-17 07:00
    Credits
    Bernard Santillan, OSC Technical Solutions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2630",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:27.819095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:19.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "SC-202602.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "6.7.2",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bernard Santillan, OSC Technical Solutions"
            }
          ],
          "datePublic": "2026-02-17T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:39:57.069Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2026-06"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Tenable has released Security Center Patch SC-202602.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Tenable has released Security Center Patch SC-202602.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/security-center"
            }
          ],
          "source": {
            "advisory": "tns-2026-06",
            "discovery": "EXTERNAL"
          },
          "title": "[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2630",
        "datePublished": "2026-02-17T18:19:38.416Z",
        "dateReserved": "2026-02-17T14:22:13.573Z",
        "dateUpdated": "2026-02-26T14:44:19.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2026 (GCVE-0-2026-2026)

    Vulnerability from nvd – Published: 2026-02-13 16:14 – Updated: 2026-02-13 16:58
    Title
    Improper Access Control Allows Denial of Service
    Summary
    A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Agent Affected: 11.1.0 , < 11.1.2 (semver)
    Affected: 0 , < 11.0.4 (semver)
    Date Public
    2026-02-12 19:00
    Credits
    Lockheed Martin Red Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2026",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T16:58:49.586878Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T16:58:59.807Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Agent",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "11.1.2",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "11.1.2",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "11.0.4",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "datePublic": "2026-02-12T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."
                }
              ],
              "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T16:14:23.789Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2026-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus)\"\u003ehttps://www.tenable.com/downloads/nessus)\u003c/a\u003e.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus) ."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control Allows Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2026",
        "datePublished": "2026-02-13T16:14:23.789Z",
        "dateReserved": "2026-02-05T21:05:54.081Z",
        "dateUpdated": "2026-02-13T16:58:59.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57588 (GCVE-0-2026-57588)

    Vulnerability from cvelistv5 – Published: 2026-06-25 13:47 – Updated: 2026-06-25 15:49
    Title
    SQL Injection in Nessus via Malicious Scan Result File Import
    Summary
    A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Nessus Affected: prior to 10.12.1
    Date Public
    2026-06-25 00:00
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T15:33:30.885696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T15:33:40.841Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nessus",
              "vendor": "tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 10.12.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "temporalScore": 3.1,
                "temporalSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 1.6,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:49:55.857Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "TNS-2026-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2026-17"
            }
          ],
          "title": "SQL Injection in Nessus via Malicious Scan Result File Import",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-57588",
        "datePublished": "2026-06-25T13:47:27.757Z",
        "dateReserved": "2026-06-24T19:21:39.666Z",
        "dateUpdated": "2026-06-25T15:49:55.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57587 (GCVE-0-2026-57587)

    Vulnerability from cvelistv5 – Published: 2026-06-25 13:47 – Updated: 2026-06-25 15:49
    Title
    SQL Injection in Nessus via Reverse DNS Lookup
    Summary
    A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Nessus Affected: prior to 10.12.1
    Date Public
    2026-06-25 00:00
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T15:34:47.945679Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T15:35:03.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nessus",
              "vendor": "tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 10.12.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "temporalScore": 4.9,
                "temporalSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T15:49:55.625Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "TNS-2026-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2026-17"
            }
          ],
          "title": "SQL Injection in Nessus via Reverse DNS Lookup",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-57587",
        "datePublished": "2026-06-25T13:47:27.497Z",
        "dateReserved": "2026-06-24T19:21:39.666Z",
        "dateUpdated": "2026-06-25T15:49:55.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13007 (GCVE-0-2026-13007)

    Vulnerability from cvelistv5 – Published: 2026-06-23 15:59 – Updated: 2026-06-23 17:48
    Title
    Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure
    Summary
    Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-524 - Use of Cache Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Tenable Identity Exposure Affected: 0, < 3.93.5 (semver)
    Date Public
    2026-06-23 00:00
    Credits
    Cobalt (Tenable-commissioned penetration test)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13007",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T17:47:42.661656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T17:48:03.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tenable Identity Exposure",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThan": "3.93.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cobalt (Tenable-commissioned penetration test)"
            }
          ],
          "datePublic": "2026-06-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "Use of Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T15:59:50.522Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "TNS-2026-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tenable.com/security/research/tns-2026-16"
            }
          ],
          "title": "Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-13007",
        "datePublished": "2026-06-23T15:59:50.522Z",
        "dateReserved": "2026-06-23T14:57:21.550Z",
        "dateUpdated": "2026-06-23T17:48:03.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47358 (GCVE-0-2026-47358)

    Vulnerability from cvelistv5 – Published: 2026-05-19 15:53 – Updated: 2026-05-19 17:08
    Summary
    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Terrascan Affected: 0, ≤ 1.18.3 (semver)
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T17:07:58.328388Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T17:08:41.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Terrascan",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThanOrEqual": "1.18.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "Externally Controlled Reference to a Resource in Another Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T15:53:09.261Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "Terrascan GitHub Repository",
              "url": "https://github.com/tenable/terrascan"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-47358",
        "datePublished": "2026-05-19T15:53:09.261Z",
        "dateReserved": "2026-05-19T13:49:09.883Z",
        "dateUpdated": "2026-05-19T17:08:41.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47357 (GCVE-0-2026-47357)

    Vulnerability from cvelistv5 – Published: 2026-05-19 15:53 – Updated: 2026-05-19 17:09
    Summary
    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Terrascan Affected: 0, ≤ 1.18.3 (semver)
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T17:09:02.885966Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T17:09:32.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Terrascan",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThanOrEqual": "1.18.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to \"http\". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter\u0027s HttpGetter supports the X-Terraform-Get response header, allowing the attacker\u0027s server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "Externally Controlled Reference to a Resource in Another Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T15:53:05.222Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "Terrascan GitHub Repository",
              "url": "https://github.com/tenable/terrascan"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-47357",
        "datePublished": "2026-05-19T15:53:05.222Z",
        "dateReserved": "2026-05-19T13:49:09.883Z",
        "dateUpdated": "2026-05-19T17:09:32.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47356 (GCVE-0-2026-47356)

    Vulnerability from cvelistv5 – Published: 2026-05-19 15:53 – Updated: 2026-05-19 17:10
    Summary
    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    tenable Terrascan Affected: 0, ≤ 1.18.3 (semver)
    Credits
    Tristan Madani (@TristanInSec) from Talence Security

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-19T17:10:14.189839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-19T17:10:33.161Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Terrascan",
              "vendor": "tenable",
              "versions": [
                {
                  "lessThanOrEqual": "1.18.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tristan Madani (@TristanInSec) from Talence Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-19T15:53:04.821Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "Terrascan GitHub Repository",
              "url": "https://github.com/tenable/terrascan"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-47356",
        "datePublished": "2026-05-19T15:53:04.821Z",
        "dateReserved": "2026-05-19T13:49:09.883Z",
        "dateUpdated": "2026-05-19T17:10:33.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2698 (GCVE-0-2026-2698)

    Vulnerability from cvelistv5 – Published: 2026-02-23 16:28 – Updated: 2026-02-23 18:17
    Title
    Improper Access Control
    Summary
    An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    Tenable Security Center Affected: 0, < 6.8.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:17:07.564162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:17:26.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "6.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope."
                }
              ],
              "value": "An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T16:28:07.711Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://https://www.tenable.com/security/tns-2026-07"
            },
            {
              "url": "https://https://docs.tenable.com/release-notes/Content/security-center/2026.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote: \u003c/strong\u003ePatches that include fixes for \u003cu\u003eApache, PHP and Libcurl\u003c/u\u003e\u0026nbsp;were recently released (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/security/tns-2026-06)\"\u003ehttps://www.tenable.com/security/tns-2026-06)\u003c/a\u003e. Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.tenable.com/release-notes/Content/security-center/2026.htm\"\u003eTenable SC Release Notes\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e"
                }
              ],
              "value": "Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/security-center \n\nNote: Patches that include fixes for Apache, PHP and Libcurl\u00a0were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the  Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm \u00a0for more information."
            }
          ],
          "source": {
            "advisory": "tns-2026-07",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2698",
        "datePublished": "2026-02-23T16:28:07.711Z",
        "dateReserved": "2026-02-18T15:44:14.404Z",
        "dateUpdated": "2026-02-23T18:17:26.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2697 (GCVE-0-2026-2697)

    Vulnerability from cvelistv5 – Published: 2026-02-23 15:17 – Updated: 2026-02-26 14:44
    Title
    Indirect Object Reference (IDOR) in Security Center
    Summary
    An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Security Center Affected: 0 , < 6.8.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2697",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T04:56:37.938906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:10.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "6.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.8.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter."
                }
              ],
              "value": "An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T15:17:13.031Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2026-07"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote: \u003c/strong\u003ePatches that include fixes for \u003cu\u003eApache, PHP and Libcurl\u003c/u\u003e\u0026nbsp;were recently released (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/security/tns-2026-06)\"\u003ehttps://www.tenable.com/security/tns-2026-06)\u003c/a\u003e. Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.tenable.com/release-notes/Content/security-center/2026.htm\"\u003eTenable SC Release Notes\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e"
                }
              ],
              "value": "Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/security-center \n\nNote: Patches that include fixes for Apache, PHP and Libcurl\u00a0were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the  Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm \u00a0for more information."
            }
          ],
          "source": {
            "advisory": "tns-2026-07",
            "discovery": "EXTERNAL"
          },
          "title": "Indirect Object Reference (IDOR) in Security Center",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2697",
        "datePublished": "2026-02-23T15:17:13.031Z",
        "dateReserved": "2026-02-18T15:05:03.676Z",
        "dateUpdated": "2026-02-26T14:44:10.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2630 (GCVE-0-2026-2630)

    Vulnerability from cvelistv5 – Published: 2026-02-17 18:19 – Updated: 2026-02-26 14:44
    Title
    [R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2
    Summary
    A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Security Center Affected: 0 , ≤ 6.7.2 (semver)
    Date Public
    2026-02-17 07:00
    Credits
    Bernard Santillan, OSC Technical Solutions

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2630",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:27.819095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:19.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "SC-202602.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "6.7.2",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bernard Santillan, OSC Technical Solutions"
            }
          ],
          "datePublic": "2026-02-17T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.\u003cbr\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T19:39:57.069Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2026-06"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Tenable has released Security Center Patch SC-202602.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Tenable has released Security Center Patch SC-202602.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/security-center"
            }
          ],
          "source": {
            "advisory": "tns-2026-06",
            "discovery": "EXTERNAL"
          },
          "title": "[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2630",
        "datePublished": "2026-02-17T18:19:38.416Z",
        "dateReserved": "2026-02-17T14:22:13.573Z",
        "dateUpdated": "2026-02-26T14:44:19.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2026 (GCVE-0-2026-2026)

    Vulnerability from cvelistv5 – Published: 2026-02-13 16:14 – Updated: 2026-02-13 16:58
    Title
    Improper Access Control Allows Denial of Service
    Summary
    A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Agent Affected: 11.1.0 , < 11.1.2 (semver)
    Affected: 0 , < 11.0.4 (semver)
    Date Public
    2026-02-12 19:00
    Credits
    Lockheed Martin Red Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2026",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T16:58:49.586878Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T16:58:59.807Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Agent",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "11.1.2",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "11.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "11.1.2",
                      "versionStartIncluding": "11.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "11.0.4",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lockheed Martin Red Team"
            }
          ],
          "datePublic": "2026-02-12T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."
                }
              ],
              "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T16:14:23.789Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2026-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus)\"\u003ehttps://www.tenable.com/downloads/nessus)\u003c/a\u003e.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus) ."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control Allows Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2026-2026",
        "datePublished": "2026-02-13T16:14:23.789Z",
        "dateReserved": "2026-02-05T21:05:54.081Z",
        "dateUpdated": "2026-02-13T16:58:59.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }