Arbitrary Code Execution Vulnerability in Tenable Products
CVE-2026-33694

7.4HIGH

Key Information:

Vendor: Tenable, Inc.
Status: Tenable Nessus, Tenable Nessus Agent
Vendor: CVE Published:; 23 April 2026

🔔 Create Tenable, Inc. Vulnerability Alert

What is CVE-2026-33694?

This vulnerability enables attackers to create junctions that can delete arbitrary files with SYSTEM privileges. Exploiting this flaw permits the execution of malicious code under elevated SYSTEM privileges, posing significant security risks for affected Tenable products. Organizations using Tenable.io or Tenable.sc must remain vigilant and apply patches to mitigate potential threats.

Affected Version(s)

Tenable Nessus, Tenable Nessus Agent Windows Nessus Agent <= 11.1.2

Tenable Nessus, Tenable Nessus Agent Windows Nessus <= 10.11.3

References

https://tenable.com/security/tns-2026-12

https://tenable.com/security/tns-2026-13

CVSS V4

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-33694 Data

JSON