CVE-2026-2026 — Incorrect Default Permissions in Agent

CWE-276 — Incorrect Default Permissions CWE-138 — Improper Neutralization of Special Elements54 documents8 sources

Severity

5.4MEDIUMNVD

GHSA7.5

EPSS

0.0%

top 98.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenable Agent Tenable Nessus Agent

Timeline

PublishedFeb 13

Latest updateApr 9

Description

A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDtenable/nessus_agent11.1.0 — 11.1.2+1

▶CVEListV5tenable/agent11.1.0 — 11.1.2+1

🔴Vulnerability Details

GHSA

GHSA-w7w9-2vjv-7r67: A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potent↗2026-02-13

▶

CVEList

Improper Access Control Allows Denial of Service↗2026-02-13

▶

📋Vendor Advisories

Red Hat

chromium-browser: Integer overflow in ANGLE↗2026-03-03

▶

🕵️Threat Intelligence

Wiz

CVE-2026-2026 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-20805 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-21362 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-13652 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-33282 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-34945 tree-sitter: Wasmtime Winch compiler: Information disclosure via incorrect table.size instruction translation [fedora-all]↗2026-04-09

▶