CVE-2026-2026: CWE-276 Incorrect Default Permissions in Tenable Agent
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
AI Analysis
Technical Summary
CVE-2026-2026 identifies a security vulnerability in the Tenable Nessus Agent version 11.1.0 for Windows platforms, categorized under CWE-276 (Incorrect Default Permissions). The issue arises from weak default NTFS permissions set on the agent’s installation directory, which may allow users with low privileges on the host system to access or modify files they should not be able to. This improper permission configuration can be exploited to cause Denial of Service (DoS) attacks by interfering with the agent’s operation, potentially disrupting vulnerability scanning and reporting. The vulnerability requires local access with low privileges (AV:L, PR:L) but does not require user interaction or elevated privileges. The CVSS 4.0 vector indicates low attack complexity and no need for authentication, but the impact on confidentiality and integrity is low, while availability impact is high. The agent is a critical component in vulnerability management workflows, so disruption can degrade an organization’s security monitoring capabilities. No public exploits are known, and no patches have been linked yet, emphasizing the need for proactive permission audits and controls. The vulnerability was published on February 13, 2026, and affects Windows hosts running the specified agent version.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to the availability of vulnerability management processes. Disruption of the Tenable Agent could delay or prevent timely vulnerability detection and remediation, increasing exposure to other threats. Organizations relying heavily on automated vulnerability scanning and compliance monitoring may experience operational impacts. Since the vulnerability requires local access, insider threats or attackers who have gained limited footholds on endpoints could exploit this to escalate disruption. Critical infrastructure sectors, financial institutions, and large enterprises with extensive Windows endpoint deployments are particularly at risk. The impact is compounded in environments with less stringent endpoint security controls or where agent permissions have not been reviewed. However, the lack of known exploits and the medium severity rating suggest the threat is moderate but warrants attention to prevent potential escalation or chaining with other vulnerabilities.
Mitigation Recommendations
European organizations should immediately audit NTFS permissions on the Tenable Agent installation directories on all Windows hosts to ensure only authorized system accounts (e.g., SYSTEM, Administrators) have access. Remove or restrict permissions granted to standard users or groups that do not require access. Implement endpoint security controls to limit local user privileges and monitor for unauthorized permission changes. Apply the principle of least privilege rigorously on all endpoints. Monitor Tenable’s advisories for patches or updated agent versions addressing this issue and plan prompt deployment once available. Additionally, consider deploying host-based intrusion detection systems (HIDS) to detect anomalous file access or modifications within the agent directory. Regularly review and harden endpoint configurations as part of vulnerability management hygiene. Finally, educate IT and security teams about the risks of weak file permissions and the importance of securing agent software.
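The permission audit recommended above can be scripted. The following PowerShell is an added example, not Tenable's tooling or code from this page; the default path, the function name `Get-WeakAce`, and the SID allow-list (SYSTEM and Administrators, per the recommendation) are assumptions to adjust for your deployment.

```powershell
# Added example: read-only audit, makes no changes to the host.
param(
    # Assumption: default install location; the page does not name the directory.
    [string[]]$Path = @("$env:ProgramFiles\Tenable\Nessus Agent"),
    # SIDs allowed to hold write-type rights: SYSTEM and BUILTIN\Administrators.
    # Extend this list if your baseline permits others (e.g. TrustedInstaller).
    [string[]]$AllowedSid = @('S-1-5-18', 'S-1-5-32-544')
)

# Rights that let a principal alter, delete or re-permission agent files,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$writeRights) -bor 0x50000000

function Get-WeakAce {
    param([string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Skip inherit-only ACEs (PropagationFlags bit 2): they do not apply to
        # this object, and the children they apply to are checked on their own.
        if (([int]$ace.PropagationFlags -band 2) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # orphaned or unresolvable account
        }
        if ($AllowedSid -contains $sid) { continue }
        [pscustomobject]@{
            Path      = $Target
            Identity  = $ace.IdentityReference.Value
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings = foreach ($root in $Path) {
    if (-not (Test-Path -LiteralPath $root)) { Write-Warning "Not found: $root"; continue }
    Get-WeakAce -Target $root
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-WeakAce -Target $_.FullName }
}
$findings | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 } else { exit 0 }   # non-zero exit lets a fleet tool flag the host
```

Run it from an elevated session so every ACL under the directory is readable; a finding with `Inherited = True` means the fix belongs on a parent directory rather than on the file itself.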
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: tenable
- Date Reserved: 2026-02-05T21:05:54.081Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 698f5286c9e1ff5ad84a5d3b
Added to database: 2/13/2026, 4:34:14 PM
Last enriched: 2/13/2026, 4:48:31 PM
Last updated: 2/13/2026, 7:19:28 PM