{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/nessus-agent-versions-prior-to-11.2.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-15265"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Nessus Agent (versions prior to 11.2.1)","Nessus Agent (versions prior to 11.1.4)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","remote-code-execution","security-bypass"],"_cs_type":"advisory","_cs_vendors":["Tenable"],"content_html":"\u003cp\u003eOn July 15, 2026, CERT-FR, acting on information from Tenable, issued an advisory regarding a critical vulnerability, CVE-2026-15265, found in Tenable Nessus Agent. This flaw affects Nessus Agent versions prior to 11.2.1 and all versions prior to 11.1.4. The vulnerability enables a remote attacker to achieve arbitrary code execution and bypass existing security policies on systems running the affected agent. This is a significant concern for defenders as the Nessus Agent typically runs with elevated privileges on managed endpoints, making successful exploitation a direct pathway to full system compromise. Organizations relying on Tenable Nessus Agent for vulnerability management and compliance should prioritize patching to mitigate the risk of unauthorized access and control.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies vulnerable Tenable Nessus Agent instances (versions prior to 11.2.1 or 11.1.4) within a target network, possibly through network scanning or reconnaissance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts and sends a specially malformed request or malicious input to the vulnerable Nessus Agent process.\u003c/li\u003e\n\u003cli\u003eThe Nessus Agent, due to the CVE-2026-15265 vulnerability, improperly processes this input, leading to a bypass of internal security mechanisms.\u003c/li\u003e\n\u003cli\u003eThis security bypass facilitates the injection and execution of arbitrary code with the privileges of the Nessus Agent.\u003c/li\u003e\n\u003cli\u003eUpon successful code execution, the attacker can leverage the compromised agent to establish persistence on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as installing additional malware, exfiltrating sensitive data, or pivoting to other systems within the compromised network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-15265 would result in complete compromise of the system running the vulnerable Tenable Nessus Agent. This could lead to unauthorized remote code execution, giving attackers full control over the affected endpoint. The attacker could bypass existing security controls, disable security software, steal sensitive data, deploy ransomware, or use the compromised system as a pivot point for lateral movement within the network. All organizations using affected versions of Tenable Nessus Agent are potential targets, risking significant data breaches and operational disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15265 immediately by upgrading Tenable Nessus Agent to version 11.2.1 or later, or 11.1.4 or later, as recommended in the Tenable security bulletin tns-2026-18.\u003c/li\u003e\n\u003cli\u003eRefer to the Tenable security bulletin \u003ccode\u003ehttps://www.tenable.com/security/tns-2026-18\u003c/code\u003e for detailed patching instructions and affected product matrix.\u003c/li\u003e\n\u003cli\u003eMonitor \u003ccode\u003eprocess_creation\u003c/code\u003e logs for any unusual process activity originating from the Nessus Agent process after patching, as a precautionary measure.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T14:36:55Z","date_published":"2026-07-15T14:36:55Z","id":"https://feed.craftedsignal.io/briefs/2026-07-tenable-nessus-agent-vulnerability/","summary":"A critical vulnerability, CVE-2026-15265, has been discovered in Tenable Nessus Agent versions prior to 11.2.1 and 11.1.4, which allows an attacker to achieve remote code execution and bypass security policies on affected systems, necessitating immediate patching.","title":"Vulnerability in Tenable Nessus Agent Allows Remote Code Execution and Security Bypass","url":"https://feed.craftedsignal.io/briefs/2026-07-tenable-nessus-agent-vulnerability/"}],"language":"en","title":"CraftedSignal Threat Feed - Nessus Agent (Versions Prior to 11.2.1)","version":"https://jsonfeed.org/version/1.1"}