CVE-2026-2026 MEDIUM

CVE-2026-2026: Improper Access Control Allows Denial of Service

Vendor Tenable
Product Agent
Weakness CWE-276
Published February 13, 2026
Last update February 13, 2026

CVSS base score

5.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

Key dates

02Disclosure timeline

February 13, 2026 CVE published
February 13, 2026 Record updated