CVE-2025-36632
published 2025-06-16CVE-2025-36632: In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
PriorityP344high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.19%
8.4th percentile
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | agent | < 10.8.5 | 10.8.5 |
| tenable | nessus_agent | < 10.8.5 | 10.8.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Tenable
[R2] Nessus Agent Version 10.8.5 Fixes Multiple Vulnerabilities
blogs_tenable·2025-06-12
[R2] Nessus Agent Version 10.8.5 Fixes Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Wiz
CVE-2026-2026 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2026-2026 [HIGH] CVE-2026-2026 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2026 :
Tenable Nessus Agent vulnerability analysis and mitigation
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
Source : NVD
## 5.4
Score
Published February 13, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
Tenable Nessus Agent
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:tenable:nessus_agent
Sources
Linux Severity MEDIUM Has Fix Added at: Feb 25, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 25, 2026
Linux Severity
2025-06-16
Published