- 49/2026
- High
Tenable has released security updates to address several vulnerabilities across Nessus Manager and Nessus Agent.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges, perform denial-of-service attacks, or gain access to the affected products.
Sample of addressed vulnerabilities:
1. Nessus Agent Privilege Escalation Vulnerability (CVE-2025-36640):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Nessus Manager Path Traversal Vulnerability (CVE-2026-3493):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2025-36640
- CVE-2026-2026
- CVE-2026-3493
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.