SQL Injection in Nessus via Reverse DNS
CVE-2026-57587 Published on June 25, 2026

SQL Injection in Nessus via Reverse DNS Lookup
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Vendor Advisory NVD

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2026-57587 has been classified to as a SQL Injection vulnerability or weakness.

Products Associated with CVE-2026-57587

Want to know whenever a new CVE is published for Tenable Nessus? stack.watch will email you.

Tenable Nessus

Affected Versions

tenable Nessus Version prior to 10.12.1 is affected by CVE-2026-57587

SQL Injection in Nessus via Reverse DNSCVE-2026-57587 Published on June 25, 2026

Weakness Type

What is a SQL Injection Vulnerability?

Products Associated with CVE-2026-57587

Affected Versions

SQL Injection in Nessus via Reverse DNS
CVE-2026-57587 Published on June 25, 2026