CVE-2026-2026
Awaiting Analysis Awaiting Analysis - Queue
Weak File Permissions in Nessus Agent on Windows Allow DoS

Publication date: 2026-02-13

Last updated on: 2026-02-24

Assigner: Tenable Network Security, Inc.

Description
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-13
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-13
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2026
EUVD
EUVD-2026-7381
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenable nessus_agent to 11.0.4 (exc)
tenable nessus_agent From 11.1.0 (inc) to 11.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-2026 is a vulnerability in Tenable's Nessus Agent on Windows hosts caused by weak file permissions in the Nessus Agent directory."}, {'type': 'paragraph', 'content': 'These weak permissions could allow unauthorized users with local access to gain entry to the directory, potentially enabling them to cause Denial of Service (DoS) attacks.'}, {'type': 'paragraph', 'content': 'The issue is classified under CWE-276: Incorrect Default Permissions.'}] [1]

Impact Analysis

This vulnerability can impact you by allowing unauthorized local users with low privileges to access the Nessus Agent directory on Windows hosts.

Such access could lead to Denial of Service (DoS) attacks, which would disrupt the availability of the Nessus Agent service.

The confidentiality impact is low, and there is no impact on integrity, but the availability impact is high.

Therefore, the main risk is service disruption rather than data compromise.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves weak file permissions in the Nessus Agent directory on Windows hosts, which could allow unauthorized access.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you should check the file permissions of the Nessus Agent directory on Windows hosts to ensure they are not overly permissive.'}, {'type': 'paragraph', 'content': 'While specific commands are not provided in the resources, a typical approach on Windows would be to use PowerShell commands such as "Get-Acl" to review the Access Control Lists (ACLs) of the Nessus Agent directory and its files.'}, {'type': 'list_item', 'content': "Example command: Get-Acl -Path 'C:\\Program Files\\Tenable\\Nessus Agent' | Format-List"}, {'type': 'paragraph', 'content': 'Review the output for any permissions that allow unauthorized users to access or modify files.'}] [1]

Mitigation Strategies

The immediate and recommended step to mitigate this vulnerability is to upgrade the Nessus Agent to a fixed version.

  • Upgrade Nessus Agent to version 11.0.4 or 11.1.2 or later, which correct the file permissions issue.

These fixed versions are available from the Tenable Downloads Portal.

Prompt patching is emphasized to prevent unauthorized access and potential Denial of Service attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2026. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart