Tenable Nessus and Nessus Agent Junction Vulnerability Allowing Arbitrary File Deletion and Potential Code Execution

Vulnerability

A vulnerability exists in Tenable Nessus versions 10.11.3 and earlier, as well as Nessus Agent on Windows versions 11.1.2 and earlier. An attacker can create a junction that causes arbitrary files to be deleted with SYSTEM privileges. This could in turn lead to arbitrary code execution, as the attacker might exploit the vulnerability to run malicious code with SYSTEM rights.

Impact

Exploitation of this vulnerability could result in unauthorized deletion of files and execution of malicious code with SYSTEM privileges.

Remediation

Users can upgrade to Tenable Nessus versions 10.11.4 or 10.12.0, or to Nessus Agent version 11.1.3. The installation files are available from the Tenable Downloads Portal.
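To find which installations still need the upgrade, the version boundaries above can be applied to an asset inventory. The following is an added example, not Tenable's code: the record fields, host names and sample inventory are constructed, and it follows the advisory's wording literally by gating only the Agent on Windows.

```python
import re

# Last affected version per product, as stated in the advisory text.
# Only the Agent is qualified with "on Windows" there, so only it is OS-gated here.
LAST_AFFECTED = {
    "nessus": {"max": (10, 11, 3), "windows_only": False},
    "nessus agent": {"max": (11, 1, 2), "windows_only": True},
}

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not dotted-numeric."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(record):
    """Classify one record as 'affected', 'not_affected' or 'unknown'."""
    rule = LAST_AFFECTED.get(record.get("product", "").strip().lower())
    if rule is None:
        return "unknown"
    if rule["windows_only"] and record.get("os", "").strip().lower() != "windows":
        return "not_affected"
    version = parse_version(record.get("version"))
    if version is None:
        return "unknown"  # never treat an unparseable version as safe
    # Tuple comparison is numeric: 10.9.4 sorts below 10.11.3, unlike string comparison.
    return "affected" if version <= rule["max"] else "not_affected"

def hosts_with_status(inventory, status):
    """Return host names whose triage result equals the given status."""
    return [r["host"] for r in inventory if triage(r) == status]

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"host": "scan01", "product": "Nessus", "os": "Windows", "version": "10.11.3"},
    {"host": "scan02", "product": "Nessus", "os": "Windows", "version": "10.9.4"},
    {"host": "scan03", "product": "Nessus", "os": "Windows", "version": "10.11.4"},
    {"host": "scan04", "product": "Nessus", "os": "Windows", "version": "10.12.0"},
    {"host": "ws-114", "product": "Nessus Agent", "os": "Windows", "version": "11.1.2"},
    {"host": "ws-115", "product": "Nessus Agent", "os": "Windows", "version": "11.1.3"},
    {"host": "db-07", "product": "Nessus Agent", "os": "Linux", "version": "11.0.1"},
    {"host": "ws-200", "product": "Nessus Agent", "os": "Windows", "version": ""},
]

if __name__ == "__main__":
    for rec in INVENTORY:
        print(f'{rec["host"]:8} {rec["product"]:13} {rec["version"] or "?":8} {triage(rec)}')
```

Records that come back as unknown have no usable version string and should be checked by hand.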

Added: Apr 23, 2026, 7:54 PM
Updated: Apr 23, 2026, 7:54 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 6.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.