Skip to main content

Tenable Agent

1 CVEs product

Monthly

CVE-2026-15265 CRITICAL Act Now

Arbitrary file write via path traversal in Tenable Agent 11.2.0 and 11.1.3 and earlier lets a privileged attacker escape the intended plugin directory and drop files at attacker-chosen paths, potentially escalating to remote code execution. The flaw is vendor-reported (Tenable TNS-2026-18) and affects the endpoint scanning agent that typically runs with elevated/service privileges. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal RCE Tenable Agent
NVD
CVSS 4.0
9.4
EPSS
0.4%
EPSS 0% CVSS 9.4
CRITICAL Act Now

Arbitrary file write via path traversal in Tenable Agent 11.2.0 and 11.1.3 and earlier lets a privileged attacker escape the intended plugin directory and drop files at attacker-chosen paths, potentially escalating to remote code execution. The flaw is vendor-reported (Tenable TNS-2026-18) and affects the endpoint scanning agent that typically runs with elevated/service privileges. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal RCE Tenable Agent
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy