SQL injection in Tenable Nessus - CVE-2026-57588
Published: June 30, 2026 / Updated: July 1, 2026
Tenable Nessus
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose scan result data.
The vulnerability exists due to sql injection in scan result file handling when parsing scan result files injected by a privileged Nessus user. A remote attacker can cause a crafted scan result file to be processed to disclose scan result data.
User interaction is required.