CVE-2026-57588

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
References
| Link | Resource |
|---|---|
| https://www.tenable.com/security/tns-2026-17 | Vendor Advisory |
Configurations

Configuration 1

cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

History

26 Jun 2026, 16:48

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.tenable.com/security/tns-2026-17 - | () https://www.tenable.com/security/tns-2026-17 - Vendor Advisory |
| CPE | | cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* |
| First Time | | Tenable; Tenable nessus |

25 Jun 2026, 15:16

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2026-06-25 15:16

Updated : 2026-06-26 16:48


NVD link : CVE-2026-57588

Mitre link : CVE-2026-57588

CVE.ORG link : CVE-2026-57588



Products Affected

tenable

  • nessus
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')