CVE-2026-2630

HighRCE

Published: 17 February 2026

Published

17 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0041 61.7th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2630 is a high-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 38.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection vulnerabilities by validating and sanitizing authenticated user inputs before they are processed by system commands.

SI-2 Flaw Remediation good match

prevent

Remediates the specific CVE-2026-2630 command injection flaw through timely identification, testing, and deployment of vendor patches.

SI-9 Information Input Restrictions partial match

prevent

Restricts the types, rates, and volumes of user inputs to the Tenable Security Center, reducing opportunities for command injection exploits.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The command injection vulnerability (CWE-78) allows low-privileged authenticated remote attackers to achieve arbitrary code execution on the Tenable Security Center server, directly enabling Exploitation of Remote Services (T1210) and Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.

Deeper analysisAI

CVE-2026-2630 is a command injection vulnerability (CWE-78) in Tenable Security Center. Published on 2026-02-17, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw allows an authenticated remote attacker to execute arbitrary code on the underlying server hosting the Tenable Security Center instance.

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network with low complexity and without requiring user interaction. Successful exploitation enables arbitrary code execution on the server, potentially leading to high impacts on confidentiality, integrity, and availability.

Tenable has issued advisory TNS-2026-06 addressing this vulnerability, available at https://www.tenable.com/security/tns-2026-06. Security practitioners should consult this advisory for details on patches and mitigation steps.

Details

CWE(s): CWE-78

CVEs Like This One

CVE-2026-22221Shared CWE-78

CVE-2025-66211Shared CWE-78

CVE-2025-45378Shared CWE-78

CVE-2024-5461Shared CWE-78

CVE-2021-47745Shared CWE-78

CVE-2026-5707Shared CWE-78

CVE-2025-56113Shared CWE-78

CVE-2026-34792Shared CWE-78

CVE-2026-34005Shared CWE-78

CVE-2017-20215Shared CWE-78

References

https://www.tenable.com/security/tns-2026-06
vulnreport@tenable.com