CVE-2026-2630: [R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2
Published Feb 17, 2026
·Updated
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
Affected Software
1 affected component
Tenable Security Center>=6.5.1<6.7.2
Remediation
Information
Tenable has released Security Center Patch SC-202602.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center
Event History
Feb 17, 2026
CVE Published
via MITRE·06:19 PM
Data Sourced
via MITRE·06:19 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·07:21 PM
DescriptionSeverityWeakness
Nov 5, 58117
Event
via FIRST·11:22 PM
Frequently Asked Questions
1
What is the severity of CVE-2026-2630?
CVE-2026-2630 is rated as a critical severity vulnerability due to the potential for unauthorized code execution.
2
How do I fix CVE-2026-2630?
To fix CVE-2026-2630, update Tenable Security Center to the latest version as provided in Tenable's advisory.
3
Who is affected by CVE-2026-2630?
CVE-2026-2630 affects any instance of Tenable Security Center that allows authenticated users to execute code on the server.
4
What could an attacker do with CVE-2026-2630?
An attacker exploiting CVE-2026-2630 could potentially execute arbitrary commands on the underlying server hosting Tenable Security Center.
5
Is CVE-2026-2630 remotely exploitable?
Yes, CVE-2026-2630 is remotely exploitable by an authenticated attacker.