Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN191
_____________________________________________________________________

DATE                : 18/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Tenable Security Center versions
                               6.7.2 and earlier.

=====================================================================
https://www.tenable.com/security/tns-2026-06
_____________________________________________________________________


[R2] Stand-alone Security Patches Available for Tenable Security
Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2

High



Synopsis

Security Center leverages third-party software to help provide
underlying functionality. Several of the third-party components
(Apache, PHP, libcurl) were found to contain vulnerabilities, and
updated versions have been made available by the providers.

Out of caution and in line with best practice, Tenable has opted to
upgrade these components to address the potential impact of the
issues. Security Center Patch SC-202602.1 updates Apache to version
2.4.66, PHP to version 8.2.30, and libcurl to version 8.18.0 to
address the identified vulnerabilities.

Additionally, an externally reported vulnerability was fixed and a
separate patch has been made available, Patch SC-202602.2.

    A Command Injection vulnerability exists where an authenticated,
remote attacker could execute arbitrary code on the underlying server
where Tenable Security Center is hosted.


Solution

Tenable has released Security Center Patches SC-202602.1 and
SC-202602.2 to address these issues. The installation files can be
obtained from the Tenable Downloads Portal:
https://www.tenable.com/downloads/security-center


Additional References
https://docs.tenable.com/release-notes/Content/security-center/2026.htm

This page contains information regarding security vulnerabilities that
may impact Tenable's products. This may include issues specific to our
software, or due to the use of third-party libraries within our software.
Tenable strongly encourages users to ensure that they upgrade or apply
relevant patches in a timely manner.

Tenable takes product security very seriously. If you believe you have
found a vulnerability in one of our products, we ask that you please work
with us to quickly resolve it in order to protect customers. Tenable
believes in responding quickly to such reports, maintaining communication
with researchers, and providing a solution in short order.

For more details on submitting vulnerability information, please see
our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please email
[email protected]


Risk Information
CVE ID: CVE-2026-2630
CVE-2025-54090
CVE-2025-13034
CVE-2025-14017
CVE-2025-14524
CVE-2025-14819
CVE-2025-15079
CVE-2025-15224
CVE-2025-14177
CVE-2025-14178
CVE-2025-14180

Tenable Advisory ID: TNS-2026-06
Risk Factor: High

Credit:
Bernard Santillan, OSC Technical Solutions

CVSSv3 Base / Temporal Score:
8.8 / 7.9 (CVE-2026-2630)
6.5 / 5.5 (CVE-2025-54090)
5.9 / 5.2 (CVE-2025-13034)
6.3 / 5.5 (CVE-2025-14017)
5.3 / 4.8 (CVE-2025-14524)
5.3 / 4.6 (CVE-2025-14819)
5.3 / 4.8 (CVE-2025-15079)
3.1 / 2.8 (CVE-2025-15224)
7.5 / 6.5 (CVE-2025-14177)
8.2 / 7.1 (CVE-2025-14178)
7.5 / 6.7 (CVE-2025-14180)
CVSSv3 Vector:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (CVE-2026-2630)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C (CVE-2025-54090)
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C (CVE-2025-13034)
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C (CVE-2025-14017)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C (CVE-2025-14524)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C (CVE-2025-14819)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C (CVE-2025-15079)
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C (CVE-2025-15224)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C (CVE-2025-14177)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C (CVE-2025-14178)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C (CVE-2025-14180)

CVSSv4 Base Score:
7.4 (CVE-2026-2630)
CVSSv4 Vector:
AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P (CVE-2026-2630)

CWE:
CWE-78: Improper Neutralization of Special Elements used in an OS
Command ('OS Command Injection')


Affected Products
Security Center 6.7.2 and earlier


Disclosure Timeline
2026-01-13 - Report received by Tenable
2026-01-22 - Report confirmed as valid
2026-02-17 - CVE ID requested / CVSS v3/v4 scoring calculated
2026-02-17 - Tenable Security Center Patches SC-202602.1 and
              SC-202602.2 released

Advisory Timeline
2026-02-17- [R1] Initial Release
2026-02-17- [R2] Updated CVSS scoring and vectors


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================