Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN015
_____________________________________________________________________

DATE                : 09/01/2026

HARDWARE PLATFORM(S): /
 
OPERATING SYSTEM(S): Systems running Nessus Agent versions prior to
                                  11.0.3, 10.9.3.

=====================================================================
https://www.tenable.com/security/tns-2026-01
_____________________________________________________________________


[R1] Nessus Agent Versions 11.0.3 and 10.9.3 Fix One Vulnerability
High


Synopsis

A vulnerability has been identified in the
installation/uninstallation of the Nessus Agent Tray App on Windows
Hosts which could lead to escalation of privileges.


Solution

Tenable has released Nessus Agent 11.0.3 and Nessus Agent 10.9.3 to
address these issues. The installation files can be obtained from
the Tenable Downloads Portal:
https://www.tenable.com/downloads/nessus-agents.

Additional References
https://docs.tenable.com/release-notes/Content/agent/agent.htm

This page contains information regarding security vulnerabilities
that may impact Tenable's products. This may include issues specific
to our software, or due to the use of third-party libraries within
our software. Tenable strongly encourages users to ensure that
they upgrade or apply relevant patches in a timely manner.

Tenable takes product security very seriously. If you believe you
have found a vulnerability in one of our products, we ask that you
please work with us to quickly resolve it in order to protect
customers. Tenable believes in responding quickly to such reports,
maintaining communication with researchers, and providing a
solution in short order.

For more details on submitting vulnerability information, please
see our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please
email [email protected]


Risk Information
CVE ID: CVE-2025-36640
Tenable Advisory ID: TNS-2026-01
Risk Factor: High

Credit:
Lockheed Martin Red Team

CVSSv3 Base / Temporal Score:
8.8 / 7.9
CVSSv3 Vector:
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSSv4 Base Score:
7.3
CVSSv4 Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P

Affected Products
Nessus Agent prior to 10.9.3
Nessus Agent 11.0.0 - 11.0.2

Disclosure Timeline
2025-11-03 - Report received by Tenable
2025-12-09 - Report confirmed as valid
2026-01-07 - Tenable Agent 11.0.3 and Agent 10.9.3 released

Advisory Timeline
2026-01-07 - [R1] Initial Release


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================