Description
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
Published: 2026-02-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A weakness in the file permissions of the Nessus Agent directory on Windows hosts allows an attacker to gain unauthorized access to the directory. The adversary can then interrupt the operation of the agent, effectively causing a denial of service. The vulnerability results from improper access control (CWE-276), which reduces the confidentiality, integrity, and availability of the agent when compromised.

Affected Systems

Tenable Nessus Agent installed on Windows systems is affected. The vulnerability applies to all versions released before the publication of Nessus Agent 11.0.4 and 11.1.2. The attack surface is confined to the product’s installation directory, where permission misconfiguration occurs.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity. The EPSS probability of less than 1% suggests a low likelihood of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. It is inferred that the attack vector requires local access or the ability to write to the agent directory, after which a denial of service can be induced by manipulating file permissions or corrupting configuration files.

Generated by OpenCVE AI on April 17, 2026 at 19:52 UTC.

Remediation

Vendor Solution

Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).


OpenCVE Recommended Actions

  • Install Nessus Agent version 11.0.4 or later, or 11.1.2 or higher from Tenable’s download portal
  • Configure the Nessus Agent installation directory to restrict file permissions so that only the agent’s service account can access it
  • Regularly audit and monitor the permissions on the Nessus Agent directory to detect unauthorized changes promptly


History

Tue, 24 Feb 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared: Microsoft; Microsoft windows; Tenable nessus Agent
CPEs: cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products: Microsoft; Microsoft windows; Tenable nessus Agent

Fri, 13 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description: A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
Title: Improper Access Control Allows Denial of Service
First Time appeared: Tenable; Tenable agent
Weaknesses: CWE-276
CPEs: cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*
Vendors & Products: Tenable; Tenable agent
References
Metrics:
cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}
cvssV4_0: {'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-02-13T16:58:59.807Z

Reserved: 2026-02-05T21:05:54.081Z

Link: CVE-2026-2026

Vulnrichment

Updated: 2026-02-13T16:58:55.829Z

NVD

Status: Analyzed

Published: 2026-02-13T17:16:14.383

Modified: 2026-02-24T20:26:42.967

Link: CVE-2026-2026

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T20:00:09Z

Weaknesses