CVE-2026-2026 - Vulnerability Details - OpenCVE

A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Tenable	Agent

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/managed-detection-response
https://www.tenable.com/security/tns-2026-05

History

Fri, 13 Feb 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 13 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
Title		Improper Access Control Allows Denial of Service
First Time appeared		Tenable Tenable agent
Weaknesses		CWE-276
CPEs		cpe:2.3:a:tenable:agent:::windows:::::*
Vendors & Products		Tenable Tenable agent
References		https://www.tenable.com/security/tns-2026-05
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}` cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}`

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2026-02-13T16:14:23.789Z

Updated: 2026-02-13T16:58:59.807Z

Reserved: 2026-02-05T21:05:54.081Z

Link: CVE-2026-2026

Vulnrichment

Updated: 2026-02-13T16:58:55.829Z

NVD

Status : Awaiting Analysis

Published: 2026-02-13T17:16:14.383

Modified: 2026-02-13T21:43:11.137

Link: CVE-2026-2026

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2026", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2026-02-05T21:05:54.081Z", "datePublished": "2026-02-13T16:14:23.789Z", "dateUpdated": "2026-02-13T16:58:59.807Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows"], "product": "Agent", "vendor": "Tenable", "versions": [{"lessThan": "11.1.2", "status": "affected", "version": "11.1.0", "versionType": "semver"}, {"lessThan": "11.0.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*", "versionEndExcluding": "11.1.2", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*", "versionEndExcluding": "11.0.4", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "datePublic": "2026-02-12T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."}], "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-02-13T16:14:23.789Z"}, "references": [{"url": "https://www.tenable.com/security/tns-2026-05"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus)\">https://www.tenable.com/downloads/nessus)</a>.\n\n<br>"}], "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus) ."}], "source": {"discovery": "EXTERNAL"}, "title": "Improper Access Control Allows Denial of Service", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T16:58:49.586878Z", "id": "CVE-2026-2026", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T16:58:59.807Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2026", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2026-02-05T21:05:54.081Z", "datePublished": "2026-02-13T16:14:23.789Z", "dateUpdated": "2026-02-13T16:58:59.807Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows"], "product": "Agent", "vendor": "Tenable", "versions": [{"lessThan": "11.1.2", "status": "affected", "version": "11.1.0", "versionType": "semver"}, {"lessThan": "11.0.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*", "versionEndExcluding": "11.1.2", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*", "versionEndExcluding": "11.0.4", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Lockheed Martin Red Team"}], "datePublic": "2026-02-12T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."}], "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-02-13T16:14:23.789Z"}, "references": [{"url": "https://www.tenable.com/security/tns-2026-05"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus)\">https://www.tenable.com/downloads/nessus)</a>.\n\n<br>"}], "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus) ."}], "source": {"discovery": "EXTERNAL"}, "title": "Improper Access Control Allows Denial of Service", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2026", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-13T16:58:49.586878Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T16:58:55.829Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."}], "id": "CVE-2026-2026", "lastModified": "2026-02-13T21:43:11.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "vulnreport@tenable.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2026-02-13T17:16:14.383", "references": [{"source": "vulnreport@tenable.com", "url": "https://www.tenable.com/security/tns-2026-05"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}