CVE-2026-2697
IDOR Vulnerability in Security Center Enables Privilege Escalation
Publication date: 2026-02-23
Last updated on: 2026-04-29
Assigner: Tenable Network Security, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenable | security_center | up to 6.8.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2697 is an Insecure Direct Object Reference (IDOR) vulnerability found in Tenable Security Center versions 6.7.2 and earlier.
This vulnerability allows an authenticated remote attacker to escalate privileges by manipulating the 'owner' parameter.
It is classified under CWE-266: Incorrect Privilege Assignment. [1]
How can this vulnerability impact me?
This vulnerability can allow an authenticated remote attacker to escalate their privileges within the Tenable Security Center.
Privilege escalation can lead to unauthorized access to sensitive information, modification of data, or disruption of availability.
The CVSSv3 score of 6.3 indicates a medium severity impact affecting confidentiality, integrity, and availability.
Tenable addressed this issue in version 6.8.0, and applying the patch is strongly recommended to mitigate these risks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
CVE-2026-2697 is an Insecure Direct Object Reference (IDOR) vulnerability in which an authenticated remote attacker manipulates the 'owner' parameter to escalate privileges.
Detection would involve monitoring or testing for unauthorized privilege escalation attempts via the 'owner' parameter in Tenable Security Center versions 6.7.2 and earlier.
No specific detection commands or network scanning commands are provided in the available resources. [1]
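As an added illustration, not Tenable's code or the Security Center API: the CWE-639 pattern described in the explanation above (a client-supplied 'owner' value trusted as-is) beside an ownership check that derives the owner from the authenticated session, plus a review of constructed access-log lines that flags the kind of mismatch the detection answer refers to. The request shape, the `user=` log format and the `/rest/scan` path are assumptions made for this example.

```python
"""Added example: server-side ownership check for a client-supplied
'owner' field, and a log review that flags non-admin users who asked
for a different owner. Request and log shapes are constructed here and
are not Security Center's real API or log format."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Session:
    username: str
    is_admin: bool = False


def owner_vulnerable(session: Session, body: dict) -> str:
    # CWE-639 pattern: the client's 'owner' value is used without checking
    # that the caller is allowed to assign the record to that user.
    return body.get("owner", session.username)


def owner_hardened(session: Session, body: dict) -> str:
    # Ownership is anchored to the authenticated session; only an
    # administrator may assign a record to someone else.
    requested = body.get("owner", session.username)
    if requested != session.username and not session.is_admin:
        raise PermissionError("owner may only be changed by an administrator")
    return requested


# Constructed access-log lines: user=<session user> <method> <path?query>
SAMPLE_LOG = """\
user=alice POST /rest/scan?owner=alice
user=bob POST /rest/scan?owner=admin
user=admin PATCH /rest/scan/7?owner=carol
user=dave GET /rest/scan?owner=dave
"""


def suspicious_owner_requests(log_text: str, admins=("admin",)) -> list:
    """Return (user, requested_owner, path) for every request in which a
    non-admin session supplied an 'owner' other than itself."""
    hits = []
    for line in log_text.splitlines():
        user_field, _method, url = line.split(maxsplit=2)
        user = user_field.removeprefix("user=")
        parts = urlsplit(url)
        owner = parse_qs(parts.query).get("owner", [user])[0]
        if owner != user and user not in admins:
            hits.append((user, owner, parts.path))
    return hits
```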
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Tenable Security Center to version 6.8.0 or later.
This update includes fixes for CVE-2026-2697 by addressing the IDOR vulnerability and upgrading third-party components such as libssh to version 1.11.1 and postgresql to version 16.11.
Applying this patch also resolves other related vulnerabilities and is strongly recommended to prevent privilege escalation risks.