Path Traversal Vulnerability in Tenable Agent by Tenable
CVE-2026-15265

9.3CRITICAL

Key Information:

Vendor

Tenable

Vendor
CVE Published:
14 July 2026

What is CVE-2026-15265?

A path traversal vulnerability exists in Tenable Agent versions 11.2.0 and 11.1.3 and earlier, allowing a privileged attacker to write arbitrary files outside the designated plugin directory. This flaw could potentially enable unauthorized remote code execution, significantly compromising system integrity and security. Users are advised to update to the latest version to mitigate these risks.

Affected Version(s)

tenable_agent Linux 11.2.0

tenable_agent Linux 0 <= 11.1.3

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Neil Graves / LVL 0x00, LLC
.