How serious is CVE-2026-2697?

This vulnerability has a CVSS score of 5.3 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-2697?

Yes, proof-of-concept exploit code for CVE-2026-2697 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-2697?

CVE-2026-2697 affects tenable security center. Check the full CVE details for specific version information.

How do I fix CVE-2026-2697?

To remediate CVE-2026-2697, check for security patches from tenable. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-2697

Medium

|5.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker with an account on the Security Center can exploit a flaw to gain higher privileges by manipulating the 'owner' parameter. This means they could potentially access or control parts of the system that they shouldn't, but they must already be logged in to take advantage of this vulnerability.

Technical Description

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$724($500-$1K)

Vendor Response

Grade APatched in 3 days

Quick Information

Published

Feb 23, 2026

about 1 month ago

Last Modified

Feb 26, 2026

about 1 month ago

Vendor

tenable

Product

security center

Related Vulnerabilities

CVE-2026-2698Medium

This vulnerability allows an authenticated user to access parts of the system they shouldn't be able to reach, potentially exposing sensitive information or functions. It requires that the user is already logged in, but their permissions are not properly enforced, leading to unauthorized access.