Tenable Security Center
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenable Security Center.
By the Year
In 2026 there have been 3 vulnerabilities in Tenable Security Center with an average score of 7.2 out of ten. Last year, in 2025 Security Center had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 2.90.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 7.20 |
| 2025 | 1 | 4.30 |
| 2024 | 5 | 5.93 |
It may take a day or so for new Security Center vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenable Security Center Security Vulnerabilities
Improper Access Control in Unknown App Permits Authenticated Scope Escalation
CVE-2026-2698
6.5 - Medium
- February 23, 2026
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
Insecure Direct Object Reference / IDOR
IDOR in Qualys Security Center Enables Authenticated Remote Priv Escalation
CVE-2026-2697
6.3 - Medium
- February 23, 2026
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
Insecure Direct Object Reference / IDOR
Auth Remote Cmd Injection in Tenable Security Center
CVE-2026-2630
8.8 - High
- February 17, 2026
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
Shell injection
Tenable Security Center <6.7.0 Improper Access Control (Authenticated)
CVE-2025-36636
4.3 - Medium
- October 08, 2025
In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
Authorization
Tenable Security Center: Improper Certificate Validation in SMTP Server Communication
CVE-2024-12174
- December 09, 2024
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.
Tenable Security Center: Improper Privilege Management (CVE-2024-5759)
CVE-2024-5759
6.3 - Medium
- June 12, 2024
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges
Improper Privilege Management
Tenable Security Center Stored XSS in Scan Result Page
CVE-2024-1891
5.4 - Medium
- June 12, 2024
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.
XSS
Security Center Repo Params HTML Injection -> Redirection
CVE-2024-1471
4.8 - Medium
- February 14, 2024
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
XSS
Security Center App: CLI Injection via Logging Params (CVE-2024-1367)
CVE-2024-1367
7.2 - High
- February 14, 2024
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenable Security Center or by Tenable? Click the Watch button to subscribe.
