CVE-2026-13007
Unauthenticated API Exposure in Tenable Identity Exposure

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: Tenable Network Security, Inc.

Description
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.
Meta Information
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: tenable
Product: identity_exposure
Version / Range: *
CWE
CWE-524: The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.
CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

This vulnerability in Tenable Identity Exposure involves multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data. This data includes cleartext LDAP credentials, SAML configuration, user accounts, and directory settings. Because these endpoints do not require authentication, remote attackers can access this sensitive information without any credentials.

Additionally, the affected responses are served with Cache-Control: public headers and lack the Vary: Cookie header. This allows reverse proxies and content delivery networks (CDNs) to cache and serve this sensitive data to unauthenticated users even after authentication is applied.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive configuration data such as LDAP credentials and user account information. Attackers can exploit this to gain further unauthorized access or perform malicious actions within the affected environment.

Because the sensitive data can be cached and served by reverse proxies or CDNs to unauthenticated users, the exposure risk is increased and may persist even after authentication controls are applied.

Compliance Impact

This vulnerability exposes sensitive application configuration data, including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Such exposure of sensitive data can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.

Additionally, the fact that affected responses are cached publicly by reverse proxies and CDNs increases the risk of unauthorized data disclosure, further impacting compliance with data protection and privacy regulations.
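The caching half of this issue (CWE-524) can be checked from response headers alone. The following is an added example, not Tenable's code and not part of this record: it parses Cache-Control and Vary, flags a sensitive response that a reverse proxy or CDN would be allowed to store or to replay across sessions, and returns the header set that closes that gap. The endpoint path in the sample is a placeholder, not a real Tenable Identity Exposure route, and the sample responses are constructed.

```python
"""Added example (not Tenable's code): audit HTTP response headers for the
shared-cache exposure pattern described in this CVE, i.e. a sensitive
response served with `Cache-Control: public` and no `Vary: Cookie`, so a
reverse proxy or CDN may store it and replay it to unauthenticated clients.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Cache-Control directives that stop a *shared* cache from storing a response.
_SHARED_CACHE_BLOCKERS = {"no-store", "private"}


@dataclass
class CacheFinding:
    path: str
    problems: list[str] = field(default_factory=list)

    @property
    def is_vulnerable(self) -> bool:
        return bool(self.problems)


def parse_cache_control(value: str) -> dict[str, str | None]:
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives: dict[str, str | None] = {}
    for part in value.split(","):
        part = part.strip().lower()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip()] = arg.strip().strip('"') or None
    return directives


def parse_vary(value: str) -> set[str]:
    """Lower-cased set of header names listed in Vary."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}


def check_response(path: str, headers: dict[str, str]) -> CacheFinding:
    """Flag a sensitive response whose headers let a shared cache store it
    or serve one session's copy to another session."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    vary = parse_vary(lowered.get("vary", ""))
    finding = CacheFinding(path)

    if "public" in cc:
        finding.problems.append("Cache-Control: public explicitly permits shared caching")
    if not (_SHARED_CACHE_BLOCKERS & cc.keys()):
        finding.problems.append(
            "no no-store/private directive: a reverse proxy or CDN may store the response")
    # Vary: * disables reuse across requests; Vary: Cookie keys the cache per session.
    if "cookie" not in vary and "*" not in vary:
        finding.problems.append(
            "missing Vary: Cookie: a cached copy is not keyed to the session that fetched it")
    return finding


def hardened_headers() -> dict[str, str]:
    """Header set that keeps a sensitive API response out of shared caches."""
    return {
        "Cache-Control": "no-store, private, max-age=0",
        "Vary": "Cookie",
        "Pragma": "no-cache",  # for HTTP/1.0 intermediaries
    }


# Constructed sample responses; the path is a placeholder, not a real route.
SAMPLE_RESPONSES = {
    "/w/api/<placeholder-config-endpoint> (before)": {
        "Content-Type": "application/json",
        "Cache-Control": "public, max-age=3600",
    },
    "/w/api/<placeholder-config-endpoint> (after)": {
        "Content-Type": "application/json",
        **hardened_headers(),
    },
}


def audit(responses: dict[str, dict[str, str]]) -> list[CacheFinding]:
    """Run check_response over a {path: headers} map of captured responses."""
    return [check_response(path, headers) for path, headers in responses.items()]


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        status = "VULNERABLE" if finding.is_vulnerable else "ok"
        print(f"{status:10} {finding.path}")
        for problem in finding.problems:
            print(f"           - {problem}")
```

The check deliberately treats the absence of `no-store`/`private` as a problem even without `public`, because a shared cache may store a response that carries neither, and it accepts `Vary: *` as an alternative to `Vary: Cookie` since it prevents any cross-request reuse. Feed it headers captured from your own deployment's proxy or CDN tier rather than the origin alone, since that is where the cached copy is actually served from.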
