CVE-2026-57588: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in tenable Nessus
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
AI Analysis
Technical Summary
This vulnerability involves improper neutralization of special elements used in an SQL command within Tenable Nessus. An attacker can create a malicious scan result file that, upon import by a privileged user, executes injected SQL commands against the scan results database. The vulnerability has a CVSS 3.1 base score of 3.3, indicating low severity, with attack vector local, low complexity, no privileges required, and user interaction required. The impact is limited to confidentiality with no integrity or availability impact. An official patch is available to address this issue.
Potential Impact
The vulnerability allows potential exfiltration of scan-result data from the Nessus database due to SQL injection. However, the impact is limited to confidentiality (partial data disclosure) with no impact on integrity or availability. Exploitation requires a privileged user to import a crafted scan result file and user interaction, reducing the likelihood of exploitation.
Mitigation Recommendations
An official fix is available for this vulnerability. It is recommended to apply the vendor-provided patch promptly to remediate the issue. Since the vulnerability requires importing a malicious scan result file by a privileged user, restricting import sources and validating scan files before import can reduce risk until patched.
CVE-2026-57588: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in tenable Nessus
Description
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
CVSS v3.1
Score 3.3low
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper neutralization of special elements used in an SQL command within Tenable Nessus. An attacker can create a malicious scan result file that, upon import by a privileged user, executes injected SQL commands against the scan results database. The vulnerability has a CVSS 3.1 base score of 3.3, indicating low severity, with attack vector local, low complexity, no privileges required, and user interaction required. The impact is limited to confidentiality with no integrity or availability impact. An official patch is available to address this issue.
Potential Impact
The vulnerability allows potential exfiltration of scan-result data from the Nessus database due to SQL injection. However, the impact is limited to confidentiality (partial data disclosure) with no impact on integrity or availability. Exploitation requires a privileged user to import a crafted scan result file and user interaction, reducing the likelihood of exploitation.
Mitigation Recommendations
An official fix is available for this vulnerability. It is recommended to apply the vendor-provided patch promptly to remediate the issue. Since the vulnerability requires importing a malicious scan result file by a privileged user, restricting import sources and validating scan files before import can reduce risk until patched.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- tenable
- Date Reserved
- 2026-06-24T19:21:39.666Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- official-fix
Threat ID: 6a3d3f314853345fc113d1cc
Added to database: 06/25/2026, 14:46:09 UTC
Last enriched: 06/25/2026, 15:01:04 UTC
Last updated: 06/25/2026, 15:46:19 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.