Description
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
Published: 2026-06-25
Score: 2.1 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Nessus’ handling of reverse DNS records during scans permits a remote, unauthenticated attacker to inject malicious SQL statements into the scan results database. This injection can lead to the unauthorized retrieval of scan report data. The weakness is a classic SQL injection, categorized under CWE-89.

Affected Systems

All Nessus services from Tenable that perform reverse DNS lookups are affected, as the advisory does not specify version constraints or operating system limitations.

Risk and Exploitability

The vulnerability carries a CVSS score of 2.1, indicating low severity. EPSS data is unavailable, and the issue is not listed in CISA’s KEV catalog, suggesting limited exploitation activity to date. However, the attack requires the attacker to control reverse DNS records for a host that Nessus scans, a condition that is possible in environments where DNS records are not tightly managed. Once the injection is achieved, the attacker can read the contents of the database, enabling exfiltration of sensitive scan information. The overall risk is moderate, primarily driven by the potential for data exposure rather than system compromise.

Generated by OpenCVE AI on June 25, 2026 at 15:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict control of reverse DNS records for scanned hosts to trusted administrators or DNS service providers, preventing attackers from modifying PTR records.
  • Apply the latest Nessus update or patch released by Tenable that addresses the reverse‑DNS SQL injection flaw as soon as it becomes available.
  • Enforce authentication for all Nessus scan operations and disable unauthenticated scan access to reduce the window of opportunity for exploitation.

Generated by OpenCVE AI on June 25, 2026 at 15:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
Title SQL Injection in Nessus via Reverse DNS Lookup
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-06-25T15:49:55.625Z

Reserved: 2026-06-24T19:21:39.666Z

Link: CVE-2026-57587

cve-icon Vulnrichment

Updated: 2026-06-25T15:34:56.788Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T15:45:05Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')