Security Center: Privilege Escalation via Owner Parameter

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Security Center: Privilege Escalation via Owner Parameter

CVE-2026-2697

Summary

An attacker with an account can access sensitive data by manipulating the 'owner' field. This allows them to see or edit information they shouldn't be able to, potentially leading to unauthorized changes or data theft. To address this, update Security Center to include proper access controls and validate user permissions.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
tenable	security_center	<= 6.8.0	–

Original title

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

Original description

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

nvd CVSS3.1 8.8

nvd CVSS4.0 5.3

Vulnerability type

CWE-639 Authorization Bypass Through User-Controlled Key

https://www.tenable.com/security/tns-2026-07 Vendor Advisory

Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026