Autres informations et services du gouvernement : www.belgium.be Centre for Cybersecurity Belgium
search

Warning: Arbitrary code execution vulnerability in Nessus can be exploited to elevate privileges, Patch Immediately!

Image
Decorative image
Publié : 27/04/2026
  • Last update: 27/04/2026
  • Affected software:
    → Nessus Agent <= 11.1.2
    → Nessus <= 10.11.3
  • Type: Arbitrary code execution, deletion of arbitrary files
  • CVE/CVSS
    → CVE-2026-33694: CVSS 7.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P)

Sources

Tenable security advisory - https://www.tenable.com/security/tns-2026-12
Tenable security advisory - https://www.tenable.com/security/tns-2026-13

Risks

Nessus running on a Windows system can be vulnerable to the deletion of arbitrary files with the highest privileges. This condition can allow attackers to potentially facilitate arbitrary code execution with elevated privileges, resulting in malicious code being executed. The Nessus application is typically not publicly exposed so an attacker would need local (network) access to exploit this vulnerability. Attackers can target these vulnerable systems to escalate their privileges and further attack other internal systems. A full compromise can have a high impact on the confidentiality, integrity, and availability of the system.

Description

CVE-2026-33694 is a vulnerability in the Nessus applications on Windows including the Nessus Agent, where an attacker can enable the deletion of arbitrary files with SYSTEM privileges. This condition could potentiality facilitate arbitrary code execution on the affected system with SYSTEM privileges.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-33694