Cyber Resilience

CVE-2026-2630

HighRCE

Published: 17 February 2026

Published
17 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0117 63.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-2630 is a high-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 36.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2630 is a command injection vulnerability (CWE-78) in Tenable Security Center. Published on 2026-02-17, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw allows an authenticated remote attacker to execute arbitrary code on the underlying server hosting the Tenable Security Center instance.

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network with low complexity and without requiring user interaction. Successful exploitation enables arbitrary code execution on the server, potentially leading to high impacts on confidentiality, integrity, and availability.

Tenable has issued advisory TNS-2026-06 addressing this vulnerability, available at https://www.tenable.com/security/tns-2026-06. Security practitioners should consult this advisory for details on patches and mitigation steps.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The command injection vulnerability (CWE-78) allows low-privileged authenticated remote attackers to achieve arbitrary code execution on the Tenable Security Center server, directly enabling Exploitation of Remote Services (T1210) and Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22221Shared CWE-78
CVE-2026-34792Shared CWE-78
CVE-2025-66203Shared CWE-78
CVE-2025-45378Shared CWE-78
CVE-2026-34005Shared CWE-78
CVE-2021-47745Shared CWE-78
CVE-2026-6644Shared CWE-78
CVE-2021-47747Shared CWE-78
CVE-2024-5461Shared CWE-78
CVE-2018-25143Shared CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents command injection vulnerabilities by validating and sanitizing authenticated user inputs before they are processed by system commands.

prevent

Remediates the specific CVE-2026-2630 command injection flaw through timely identification, testing, and deployment of vendor patches.

prevent

Restricts the types, rates, and volumes of user inputs to the Tenable Security Center, reducing opportunities for command injection exploits.

References