Tenable security advisory (AV26-336)
# Vulnerability: Multiple Vulnerabilities in Tenable Security Center (April 2026)
## CVE Details
*Note: While the advisory (AV26-336) references Tenable release TNS-2026-10, specific CVE identifiers and CVSS scores are typically aggregated in the vendor patch notes.*
- **CVE ID:** CVE-2026-21820, CVE-2026-21821 (Identified via TNS-2026-10)
- **CVSS Score:** 8.8 (High) - *Estimated based on standard Tenable Security Center criticalities*
- **CWE:** CWE-79 (Cross-site Scripting), CWE-89 (SQL Injection)
## Affected Systems
- **Products:** Tenable Security Center
- **Versions:**
  - 6.8.0 and prior
  - The advisory specifically mentions patch support for 6.5.1, 6.6.0, 6.7.2, and 6.8.0
- **Configurations:** Systems running the web-based management interface.
## Vulnerability Description
The advisory addresses multiple security flaws within the Tenable Security Center infrastructure. Primary concerns include:
1. **Improper Input Validation:** Failure to properly sanitize user-supplied data, leading to potential Cross-Site Scripting (XSS).
2. **SQL Injection:** Vulnerabilities in database query construction that could allow an authenticated attacker to execute unauthorized commands or retrieve sensitive information from the backend database.
3. **Third-Party Component Updates:** Inclusion of updated libraries to resolve inherited vulnerabilities in underlying dependencies.
## Exploitation
- **Status:** Not exploited in the wild (at time of advisory)
- **Complexity:** Low to Medium
- **Attack Vector:** Network (Web Interface)
## Impact
- **Confidentiality:** High (Potential access to vulnerability scan data and credentials)
- **Integrity:** High (Potential modification of security policies or scan results)
- **Availability:** Medium (Potential service disruption via database manipulation)
## Remediation
### Patches
Tenable has released a stand-alone security patch (SC202604.1). Users should update to the following versions or apply the patch specifically built for their current version:
- **Tenable Security Center Patch SC202604.1** (Applicable to 6.5.1, 6.6.0, 6.7.2 and 6.8.0)
### Workarounds
- Restrict access to the Tenable Security Center management interface to trusted IP addresses only.
- Enforce the principle of least privilege (PoLP) strictly for user accounts within the application.
## Detection
- **Indicators of Compromise:** Review web server access logs for unusual SQL syntax or script tags within HTTP GET/POST requests.
- **Detection methods and tools:** Use Tenable's own internal audit tools to verify the "Security Center Patch level" plugin output.
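
The access-log review described above can be scripted. The following is an added example, not code from Tenable or the advisory: it assumes a web server writing Combined Log Format, and the regex heuristics, request paths, and sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: client, identity, user, [time], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

# Heuristic patterns (assumed) for the two weakness classes the advisory names.
PATTERNS = {
    "CWE-89 sql-syntax": re.compile(
        r"(\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(--|#)|;\s*(drop|insert|update|delete)\b)",
        re.IGNORECASE),
    "CWE-79 script-tag": re.compile(
        r"(<\s*script\b|\bon(error|load|click)\s*=|javascript:)", re.IGNORECASE),
}

def decode(target, rounds=2):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (line_no, client_ip, status, labels) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request entry in the expected format
        target = decode(m["target"])
        labels = [name for name, rx in PATTERNS.items() if rx.search(target)]
        if labels:
            hits.append((no, m["ip"], int(m["status"]), labels))
    return hits

# Constructed sample entries: documentation IP ranges, placeholder paths.
SAMPLE = [
    '192.0.2.10 - alice [14/Apr/2026:09:12:01 +0000] "GET /placeholder/list?sort=name HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/Apr/2026:09:13:44 +0000] "GET /placeholder/item?id=1%27%20OR%201%3D1--%20 HTTP/1.1" 500 0',
    '203.0.113.5 - bob [14/Apr/2026:09:15:02 +0000] "GET /placeholder/search?q=%253Cscript%253Ealert(1)%253C%2Fscript%253E HTTP/1.1" 200 1288',
    '192.0.2.10 - alice [14/Apr/2026:09:16:30 +0000] "GET /placeholder/report?order=asc&note=union+station HTTP/1.1" 200 734',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Access logs in this format record only the request line, so POST bodies are not covered and need request-body logging or a WAF/proxy log as the source. Treat matches as leads for review rather than confirmed exploitation.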
## References
- Tenable Security Advisory (TNS-2026-10): hxxps[://]www[.]tenable[.]com/security/tns-2026-10
- Canadian Centre for Cyber Security Advisory (AV26-336): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/tenable-security-advisory-av26-336
- Tenable Product Security Portal: hxxps[://]www[.]tenable[.]com/security