Tenable Security Center Command Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A command injection vulnerability has been identified in Tenable Security Center, allowing authenticated, remote attackers to execute arbitrary code on the server hosting the application. This vulnerability affects Security Center versions 6.7.2 and earlier.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the server, potentially allowing attackers to execute arbitrary code with the same privileges as the application.

Remediation

Tenable has released patches SC-202602.1 and SC-202602.2 to address this vulnerability. Patch SC-202602.1 can be applied to Tenable Security Center versions 6.5.1, 6.6.0, and 6.7.2. Patch SC-202602.2 is available for all affected versions. The installation files for both patches can be obtained from the Tenable Downloads Portal.

Added: Feb 17, 2026, 7:40 PM
Updated: Feb 17, 2026, 7:40 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 10.0
exploitability: 6.6
remediation: 7.7
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.