A security alert released by the French CERT on 8 January 2026 reports a vulnerability in Tenable Nessus Agent that could allow attackers to elevate privileges. The vulnerability, identified as CVE‑2025‑36640, affects Nessus Agent versions 11.x earlier than 11.0.3 and all versions earlier than 10.9.3. The issue permits an attacker to gain higher privileges on a system where the agent is installed. Users are advised to consult Tenable’s security bulletin tns‑2026‑01, dated 7 January 2026, for patch information. The French CERT recommends applying the vendor’s patches as soon as they become available. This vulnerability is classified as privilege escalation, and it is important for administrators to update their Nessus Agent installations promptly.
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0013/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.