CVE-2026-57588
Received - Intake
SQL Injection in Nessus Scan Result Import

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Tenable Network Security, Inc.

Description
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: tenable
Product: nessus
Version / Range: *
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

This vulnerability is a SQL injection issue in Nessus. It allows an attacker to create a malicious scan result file that, when imported by a privileged user, injects harmful SQL commands into the scan results database.

This injection can lead to unauthorized actions on the database, such as extracting sensitive scan-result data.

Impact Analysis

An attacker who exploits this vulnerability can exfiltrate sensitive scan-result data from the Nessus database.

The attack requires a privileged user to import the malicious file. When that happens, it could lead to unauthorized data disclosure and compromise of scan results.
