CVE-2026-2698: Improper Access Control
Published Feb 23, 2026
·Updated
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
Affected Software
1 affected component
Tenable Security Center<6.8.0
Remediation
Information
Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center
Note: Patches that include fixes for Apache, PHP and Libcurl were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm for more information.
Event History
Feb 23, 2026
CVE Published
via MITRE·04:28 PM
Data Sourced
via MITRE·04:28 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·05:23 PM
DescriptionSeverityWeaknessAffected Software
Apr 10, 58134
Event
via FIRST·12:53 PM
Frequently Asked Questions
1
What is the severity of CVE-2026-2698?
CVE-2026-2698 has been classified as a high severity vulnerability due to improper access control.
2
How do I fix CVE-2026-2698?
To fix CVE-2026-2698, it is recommended to update Tenable Security Center to version 6.8.0 or later.
3
What type of vulnerability is CVE-2026-2698?
CVE-2026-2698 is classified as an improper access control vulnerability.
4
Who is affected by CVE-2026-2698?
CVE-2026-2698 affects Tenable Security Center versions prior to 6.8.0.
5
Can CVE-2026-2698 allow unauthorized data access?
Yes, CVE-2026-2698 can potentially allow an authenticated user to access areas outside their authorized scope, leading to unauthorized data access.