{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33694", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2026-03-23T16:39:06.329Z", "datePublished": "2026-04-23T18:09:41.682Z", "dateUpdated": "2026-04-24T03:55:34.202Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-04-23T18:09:41.682Z"}, "title": "Junction File Manipulation", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-59", "description": "CWE-59 Improper link resolution before file access ('link following')", "type": "CWE"}]}], "affected": [{"vendor": "Tenable, Inc.", "product": "Tenable Nessus, Tenable Nessus Agent", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "Nessus Agent", "lessThanOrEqual": "11.1.2", "versionType": ".msi"}, {"status": "affected", "version": "Nessus", "lessThanOrEqual": "10.11.3", "versionType": ".msi"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges."}]}], "references": [{"url": "https://tenable.com/security/tns-2026-12"}, {"url": "https://tenable.com/security/tns-2026-13"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P"}}], "source": {"advisory": "TNS-2026-12, TNS-2026-13", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-33694"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T03:55:34.202Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33694", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T18:51:03.923165Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T18:51:09.791Z"}}], "cna": {"title": "Junction File Manipulation", "source": {"advisory": "TNS-2026-12, TNS-2026-13", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tenable, Inc.", "product": "Tenable Nessus, Tenable Nessus Agent", "versions": [{"status": "affected", "version": "Nessus Agent", "versionType": ".msi", "lessThanOrEqual": "11.1.2"}, {"status": "affected", "version": "Nessus", "versionType": ".msi", "lessThanOrEqual": "10.11.3"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://tenable.com/security/tns-2026-12"}, {"url": "https://tenable.com/security/tns-2026-13"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.", "supportingMedia": [{"type": "text/html", "value": "This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59 Improper link resolution before file access ('link following')"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-04-23T18:09:41.682Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33694", "state": "PUBLISHED", "dateUpdated": "2026-04-24T03:55:34.202Z", "dateReserved": "2026-03-23T16:39:06.329Z", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "datePublished": "2026-04-23T18:09:41.682Z", "assignerShortName": "tenable"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges."}], "id": "CVE-2026-33694", "lastModified": "2026-04-24T14:50:56.203", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2026-04-23T19:17:28.073", "references": [{"source": "vulnreport@tenable.com", "url": "https://tenable.com/security/tns-2026-12"}, {"source": "vulnreport@tenable.com", "url": "https://tenable.com/security/tns-2026-13"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.11.3]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Tenable Nessus, Tenable Nessus Agent", "source": "cna", "vendor": "Tenable, Inc."}, "product": "nessus", "vendor": "tenable"}, {"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,11.1.2]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Tenable Nessus, Tenable Nessus Agent", "source": "cna", "vendor": "Tenable, Inc."}, "product": "nessus_agent", "vendor": "tenable"}], "analysis": {"en": {"generated_at": "2026-04-28T14:47:56.310300+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011provided Nessus update that removes the junction\u2011creation flaw.", "Reconfigure the Nessus service to run under a least\u2011privilege account that lacks SYSTEM rights and deny permissions that allow creation or deletion of junctions on critical directories.", "Use Windows file\u2011system permissions or AppLocker rules to block the creation of junction points for the Nessus process, thereby preventing the deletion of arbitrary files."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary code execution with SYSTEM privileges"}, "threat_synthesis": {"affected_systems": "The affected products are Tenable Nessus and Tenable Nessus Agent. No specific version information is provided, so all installations of these products are considered potentially impacted until the vendor issues a fix.", "description_and_impact": "This vulnerability permits an attacker to create a junction that can delete arbitrary files with SYSTEM privileges, thereby potentially enabling the execution of malicious code with elevated permissions. The flaw is a file system manipulation weakness that, if exploited, could compromise the integrity of the target system and lead to full system compromise.", "risk_and_exploitability": "The CVSS score of 7.4 indicates a high severity, while the EPSS score of less than 1% suggests a low probability of exploitation at the current time. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, the likely attack vector is local exploitation by a user with enough privileges to run Nessus or its agent; an attacker would need to achieve or already possess SYSTEM-level rights to take advantage of the junction creation and file deletion capability. The potential for arbitrary code execution depends on additional conditions beyond the junction manipulation, but the capability is present if the attacker can orchestrate the deletion of system files and replace them with malicious binaries."}}}}, "created": "2026-04-28T01:45:18.073515+00:00", "updated": "2026-04-28T15:00:14.490086+00:00", "vendors": ["tenable", "tenable$PRODUCT$nessus", "tenable$PRODUCT$nessus_agent"]}