Arbitrary Code Execution Vulnerability in Tenable Products
CVE-2026-33694

7.4HIGH

Key Information:

Vendor: Tenable, Inc.
Status: Tenable Nessus, Tenable Nessus Agent
Vendor: CVE Published:; 23 April 2026

🔔 Create Tenable, Inc. Vulnerability Alert

Badges

📈 Score: 372👾 Exploit Exists📰 News Worthy

What is CVE-2026-33694?

CVE-2026-33694 is a significant vulnerability identified in Tenable products, which are widely used for security and vulnerability management within various organizations. This vulnerability permits an attacker to create a junction that leads to the deletion of arbitrary files with SYSTEM privileges. The implications of this vulnerability are severe, as it enables attackers to execute malicious code at elevated SYSTEM levels. As Tenable products are integral to many organizations' security postures, the exploitation of this vulnerability could lead to critical disruptions, including unauthorized access to sensitive information and the potential for widespread damage to IT infrastructure.

Potential impact of CVE-2026-33694

Arbitrary Code Execution: The vulnerability grants attackers the ability to execute malicious code with elevated privileges, potentially allowing them to take full control of affected systems, which could lead to unauthorized data access or system manipulation.
Data Loss and Corruption: The ability to delete arbitrary files can result in significant data loss and corruption. This manipulation may disrupt business operations and compromise important data integrity, leading to further financial and reputational ramifications for organizations.
Increased Attack Surface: The existence of this vulnerability expands the attack surface for organizations relying on Tenable products, potentially making them a target for cybercriminal activities, including ransomware attacks, as attackers may exploit these systems to achieve broader network access.