
Tenable Patches High-Severity Arbitrary Code Execution Vulnerability in Nessus


Summary

Italy's National Cybersecurity Agency (ACN) published Alert AL03/260424/CSIRT-ITA on 24 April 2026, disclosing a high-severity vulnerability (CVE-2026-33694) in Tenable Nessus (version 10.11.3 and earlier on Windows) and Nessus Agent (version 11.1.2 and earlier on Windows). The flaw, to which ACN assigns a systemic impact score of 64.35 (medium), could allow an authenticated attacker to execute arbitrary code on affected systems. ACN recommends updating to patched versions as indicated in Tenable's security bulletins TNS-2026-12 and TNS-2026-13.

“This vulnerability, if exploited, could allow a malicious user to execute arbitrary code on the affected systems.”

ACN, translated from the source
Why this matters

Organizations running Nessus or Nessus Agent on Windows should prioritize patching to the latest versions referenced in Tenable's TNS-2026-12 and TNS-2026-13 bulletins. As Nessus is a vulnerability scanner often used by security teams to assess their own infrastructure, its compromise could enable lateral movement across an enterprise network — making this a higher-priority patch than a typical third-party application update.

AI-drafted from the source document, validated against GovPing's analyst note standards.
Published by ACN on acn.gov.it. Detected, standardized, and enriched by GovPing.


What changed

ACN Italy published a security alert disclosing a high-severity arbitrary code execution vulnerability in Tenable Nessus and Nessus Agent for Windows. The vulnerability affects Nessus versions 10.11.3 and earlier and Nessus Agent versions 11.1.2 and earlier. An attacker could exploit this flaw to execute arbitrary code on affected systems. The alert references CVE-2026-33694 and links to Tenable's security bulletins TNS-2026-12 and TNS-2026-13. Organizations using Nessus or Nessus Agent on Windows should update to the latest versions immediately to remediate the risk.

What to do next

  1. Update Nessus to version 10.11.4 or later (Windows)
  2. Update Nessus Agent to version 11.1.3 or later (Windows)

Archived snapshot

Apr 24, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.


Tenable: vulnerability fixed in Nessus

**Alert**

AL03/260424/CSIRT-ITA


Summary

Tenable has released security updates that fix a “high” severity vulnerability in the well-known vulnerability scanner Nessus. This vulnerability, if exploited, could allow a malicious user to execute arbitrary code on the affected systems.

Type

Arbitrary Code Execution

Affected products and/or versions

Nessus

  • version 10.11.3 and earlier (Windows)

Nessus Agent

  • version 11.1.2 and earlier (Windows)

Mitigation actions

In line with the vendor's statements, it is recommended to update the vulnerable products by following the instructions in the security bulletins listed in the References section.

CVE (1)

| CVE | POC | EXPLOITATION |
| --- | --- | --- |
| CVE-2026-33694 | - | - |

References (2)

  1. https://www.tenable.com/security/tns-2026-12
  2. https://www.tenable.com/security/tns-2026-13

Change log

| Version | Notes | Date |
| --- | --- | --- |
| 1.0 | Published on 24-04-2026 | 24/04/2026 |

Systemic impact

Medium (64.35)

Publication date

24/04/26 at 14:48

Last updated

24/04/26 at 14:48


Classification

Agency: ACN
Published: April 24th, 2026
Instrument: Guidance
Branch: Executive
Source language: it
Legal weight: Non-binding
Stage: Final
Change scope: Minor

Who this affects

Applies to: Manufacturers, Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Vulnerability remediation, Software patching, Security advisory response
Geographic scope: IT

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Consumer Protection
