CVE-2026-13007
Awaiting Analysis Awaiting Analysis - Queue

Unauthenticated API Exposure in Tenable Identity Exposure

Vulnerability report for CVE-2026-13007, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-06-25

Assigner: Tenable Network Security, Inc.

Description

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-06-25
Generated
2026-07-14
AI Q&A
2026-06-23
EPSS Evaluated
2026-07-12
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tenable identity_exposure *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-524 The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Tenable Identity Exposure involves multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data. This data includes cleartext LDAP credentials, SAML configuration, user accounts, and directory settings. Because these endpoints do not require authentication, remote attackers can access this sensitive information without any credentials.

Additionally, the affected responses are served with Cache-Control: public headers and lack the Vary: Cookie header. This allows reverse proxies and content delivery networks (CDNs) to cache and serve this sensitive data to unauthenticated users even after authentication is applied.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive configuration data such as LDAP credentials and user account information. Attackers can exploit this to gain further unauthorized access or perform malicious actions within the affected environment.

Because the sensitive data can be cached and served by reverse proxies or CDNs to unauthenticated users, the exposure risk is increased and may persist even after authentication controls are applied.

Compliance Impact

This vulnerability exposes sensitive application configuration data, including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Such exposure of sensitive data can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.

Additionally, the fact that affected responses are cached publicly by reverse proxies and CDNs increases the risk of unauthorized data disclosure, further impacting compliance with data protection and privacy regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart