CVE-2026-2697: Indirect Object Reference (IDOR) in Security Center
Published Feb 23, 2026
·Updated
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
Affected Software
1 affected component
Tenable Security Center<6.8.0
Remediation
Information
Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center
Note: Patches that include fixes for Apache, PHP and Libcurl were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm for more information.
Event History
Feb 23, 2026
CVE Published
via MITRE·03:17 PM
Data Sourced
via MITRE·03:17 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·04:29 PM
DescriptionSeverityWeaknessAffected Software
Apr 10, 58134
Event
via FIRST·07:56 AM
Frequently Asked Questions
1
What is the severity of CVE-2026-2697?
CVE-2026-2697 has a high severity rating due to its potential for privilege escalation in Security Center.
2
How do I fix CVE-2026-2697?
To mitigate CVE-2026-2697, ensure that you update Tenable Security Center to version 6.8.0 or later.
3
What type of vulnerability is CVE-2026-2697?
CVE-2026-2697 is categorized as an Indirect Object Reference (IDOR) vulnerability.
4
Who is affected by CVE-2026-2697?
Users of Tenable Security Center versions prior to 6.8.0 are affected by CVE-2026-2697.
5
Can CVE-2026-2697 be exploited remotely?
Yes, CVE-2026-2697 can be exploited by an authenticated remote attacker.