CVE-2026-2630
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
AnalysisAI
Tenable Security Center is vulnerable to command injection that allows authenticated remote attackers to execute arbitrary code on the hosting server. With no patch currently available and an 8.8 CVSS score, this vulnerability poses a significant risk to organizations relying on this security platform for vulnerability management. Attackers with valid credentials can achieve full system compromise without user interaction.
Technical ContextAI
Classified as CWE-78 (OS Command Injection). A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
Affected ProductsAI
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable S
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today