CVE-2026-2630
Received Received - Intake
Command Injection in Tenable Security Center Enables Remote Code Execution

Publication date: 2026-02-17

Last updated on: 2026-02-17

Assigner: Tenable Network Security, Inc.

Description
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2630
EUVD
EUVD-2026-7838
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
tenable security_center 6.5.1
tenable security_center 6.6.0
tenable security_center 6.7.2
apache http_server 2.4.66
php php 8.2.30
curl libcurl 8.18.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2630 is a Command Injection vulnerability in Tenable Security Center that allows an authenticated remote attacker to execute arbitrary code on the underlying server hosting the application.

This vulnerability arises from improper neutralization of special elements used in operating system commands (classified as CWE-78), enabling attackers to inject and run malicious commands remotely.

Impact Analysis

An attacker exploiting this vulnerability can execute arbitrary code on the server, potentially leading to full compromise of the system.

  • Loss of confidentiality, as sensitive data on the server could be accessed.
  • Loss of integrity, since the attacker can modify data or system configurations.
  • Loss of availability, as the attacker could disrupt services or cause denial of service.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2026-2630 Command Injection vulnerability in Tenable Security Center, you should immediately apply the security patches released by Tenable.

  • Apply patch SC-202602.2 which specifically addresses the critical Command Injection vulnerability.
  • Also apply patch SC-202602.1 to upgrade Apache to version 2.4.66, PHP to version 8.2.30, and libcurl to version 8.18.0, mitigating related vulnerabilities.

These patches are available from the Tenable Downloads Portal and should be applied promptly to reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2630. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart