Tenable Security Center Command Injection Vulnerability: Unapproved Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.4

Tenable Security Center Command Injection Vulnerability: Unapproved Code Execution

CVE-2026-2630

Summary

An attacker can execute unauthorized commands on the server hosting Tenable Security Center if they are authenticated and remote. This allows the attacker to potentially access sensitive data or disrupt the system. Update Tenable Security Center to the latest version to mitigate this risk.

Original title

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.

Original description

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.

nvd CVSS3.1 8.8

nvd CVSS4.0 7.4

Vulnerability type

CWE-78 OS Command Injection

https://www.tenable.com/security/tns-2026-06

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026