This page lists publicly disclosed CVE vulnerabilities affecting tenable nessus_agent (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2026 | A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | [email protected] | 5.4 | 0.01% | 2026-02-13 | 2026-02-24 |
| CVE-2025-36632 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. | [email protected] | 7.8 | 0.06% | 2025-06-16 | 2025-10-21 |
| CVE-2025-36633 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. | [email protected] | 8.8 | 0.01% | 2025-06-13 | 2025-10-23 |
| CVE-2025-36631 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. | [email protected] | 8.4 | 0.07% | 2025-06-13 | 2025-10-23 |
| CVE-2023-5847 | Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. | [email protected] | 6.7 | 0.05% | 2023-11-01 | 2024-11-21 |
| CVE-2021-20118 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117. | [email protected] | 6.7 | 0.04% | 2021-09-09 | 2024-11-21 |
| CVE-2021-20117 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. | [email protected] | 6.7 | 0.04% | 2021-09-09 | 2024-11-21 |
| CVE-2021-3450 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. Thi | [email protected] | 7.4 | 0.50% | 2021-03-25 | 2024-11-21 |
| CVE-2021-20077 | Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. | [email protected] | 6.7 | 0.04% | 2021-03-19 | 2024-11-21 |
| CVE-2020-5793 | A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. | [email protected] | 7.8 | 0.03% | 2020-11-05 | 2024-11-21 |
| CVE-2019-16168 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | [email protected] | 6.5 | 0.84% | 2019-09-09 | 2026-05-28 |