<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Nessus Agent (Versions Prior to 11.2.1) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/nessus-agent-versions-prior-to-11.2.1/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 15 Jul 2026 14:36:55 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/nessus-agent-versions-prior-to-11.2.1/feed.xml" rel="self" type="application/rss+xml"/><item><title>Vulnerability in Tenable Nessus Agent Allows Remote Code Execution and Security Bypass</title><link>https://feed.craftedsignal.io/briefs/2026-07-tenable-nessus-agent-vulnerability/</link><pubDate>Wed, 15 Jul 2026 14:36:55 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-tenable-nessus-agent-vulnerability/</guid><description>A critical vulnerability, CVE-2026-15265, has been discovered in Tenable Nessus Agent versions prior to 11.2.1 and 11.1.4, which allows an attacker to achieve remote code execution and bypass security policies on affected systems, necessitating immediate patching.</description><content:encoded><![CDATA[<p>On July 15, 2026, CERT-FR, acting on information from Tenable, issued an advisory regarding a critical vulnerability, CVE-2026-15265, found in Tenable Nessus Agent. This flaw affects Nessus Agent versions prior to 11.2.1 and all versions prior to 11.1.4. The vulnerability enables a remote attacker to achieve arbitrary code execution and bypass existing security policies on systems running the affected agent. This is a significant concern for defenders as the Nessus Agent typically runs with elevated privileges on managed endpoints, making successful exploitation a direct pathway to full system compromise. Organizations relying on Tenable Nessus Agent for vulnerability management and compliance should prioritize patching to mitigate the risk of unauthorized access and control.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies vulnerable Tenable Nessus Agent instances (versions prior to 11.2.1 or 11.1.4) within a target network, possibly through network scanning or reconnaissance.</li>
<li>The attacker crafts and sends a specially malformed request or malicious input to the vulnerable Nessus Agent process.</li>
<li>The Nessus Agent, due to the CVE-2026-15265 vulnerability, improperly processes this input, leading to a bypass of internal security mechanisms.</li>
<li>This security bypass facilitates the injection and execution of arbitrary code with the privileges of the Nessus Agent.</li>
<li>Upon successful code execution, the attacker can leverage the compromised agent to establish persistence on the system.</li>
<li>The attacker can then perform actions such as installing additional malware, exfiltrating sensitive data, or pivoting to other systems within the compromised network.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>A successful exploitation of CVE-2026-15265 would result in complete compromise of the system running the vulnerable Tenable Nessus Agent. This could lead to unauthorized remote code execution, giving attackers full control over the affected endpoint. The attacker could bypass existing security controls, disable security software, steal sensitive data, deploy ransomware, or use the compromised system as a pivot point for lateral movement within the network. All organizations using affected versions of Tenable Nessus Agent are potential targets, risking significant data breaches and operational disruption.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-15265 immediately by upgrading Tenable Nessus Agent to version 11.2.1 or later, or 11.1.4 or later, as recommended in the Tenable security bulletin tns-2026-18.</li>
<li>Refer to the Tenable security bulletin <code>https://www.tenable.com/security/tns-2026-18</code> for detailed patching instructions and affected product matrix.</li>
<li>Monitor <code>process_creation</code> logs for any unusual process activity originating from the Nessus Agent process after patching, as a precautionary measure.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>remote-code-execution</category><category>security-bypass</category></item></channel></rss>