An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

Description

Vendor	Product	Versions
tenable	security_center	< 6.8.0

Tier B

CCCS Canada2h ago

→ No new info (linked only)

CVSS 3.16.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

6.8.0

CWECWE-639

PublishedFeb 23, 2026

Last enriched8d ago

Trending Score23

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack