Tenable Security Center Indirect Object Reference Vulnerability Allowing Privilege Escalation

Vulnerability

A privilege escalation vulnerability has been identified in Tenable Security Center versions through 6.7.2. This vulnerability arises from an Indirect Object Reference (IDOR) issue, where an authenticated remote attacker can manipulate the 'owner' parameter to escalate privileges.
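The bug class named above, shown as an added generic example: a handler that trusts a client-supplied 'owner' field beside one that derives authorization from the session. This is not Tenable Security Center code and does not reflect how the product handles the parameter internally; the data model, roles and function names are assumptions.

```python
# Added illustration of the bug class; not Tenable Security Center code.
# The data model, roles and function names are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user_id: int
    is_admin: bool = False


class Forbidden(Exception):
    """Raised when the caller is not authorized for the object or owner."""


def sample_store():
    # Constructed sample data: object id -> record carrying its owner's user id.
    return {10: {"owner": 1, "name": "admin-report"},
            11: {"owner": 2, "name": "analyst-report"}}


def update_unchecked(store, session, obj_id, params):
    """Weak form: every client-supplied field, 'owner' included, is applied as-is."""
    store[obj_id].update(params)
    return store[obj_id]


def update_checked(store, session, obj_id, params):
    """Hardened form: authorization comes from the session, not the request."""
    record = store.get(obj_id)
    # Same error for "missing" and "not yours" so object ids cannot be probed.
    if record is None or (record["owner"] != session.user_id
                          and not session.is_admin):
        raise Forbidden("object not accessible")
    requested_owner = params.get("owner", record["owner"])
    # Only an administrator may reassign ownership.
    if requested_owner != record["owner"] and not session.is_admin:
        raise Forbidden("owner cannot be changed by this account")
    # Allow-list of mutable fields; anything else in the request is ignored.
    allowed = {"name", "owner"}
    record.update({k: v for k, v in params.items() if k in allowed})
    return record
```

The hardened handler also makes a useful audit point: logging each `Forbidden` with the session's user id and the requested owner value gives a record of rejected ownership changes to review.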

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain elevated rights or access within the application.

Remediation

Tenable has released Security Center version 6.8.0 to address this vulnerability. The update can be downloaded from the Tenable Downloads Portal. Users should also refer to the Tenable SC Release Notes for additional information.

Added: Feb 23, 2026, 4:32 PM
Updated: Feb 23, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 5.0
exploitability: 6.6
remediation: 7.7
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.