CVE-2026-2630OS Command Injection in Security Center

CWE-78OS Command Injection3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.4%
top 42.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenable Security Center
Timeline
PublishedFeb 17

Description

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5tenable/security_center6.7.2

🔴Vulnerability Details

2
GHSA
GHSA-frcr-mg6p-g499: A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable S2026-02-17
CVEList
[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.22026-02-17
CVE-2026-2630 — OS Command Injection in Security Center | cvebase