A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

Description

Affected Products

Vendor	Product	Versions
tenable	nessus_agent	< 11.0.4, < 11.1.2

References

https://www.tenable.com/security/tns-2026-05(Vendor Advisory)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

11.0.411.1.2

CWECWE-276

PublishedFeb 13, 2026

Last enriched8d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (2)

MEDIUMCVE-2026-2697

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

Trending: 23

MEDIUMCVE-2026-2698

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 13, 2026

Patch Available

Feb 24, 2026

Discovered by ZDM

Apr 1, 2026