Detections
Analytics

Nessus Network Monitor < 6.5.3 Multiple Vulnerabilities (TNS-2026-02)

critical Nessus Plugin ID 297102

Synopsis

An instance of Tenable NNM installed on the remote system is affected by multiple vulnerabilities.

Description

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-02 advisory.

 - A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. (CVE-2023-7104)

 - A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path=.../> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. (CVE-2025-49794)

 - A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. (CVE-2025-49796)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Nessus Network Monitor 6.5.3 or later.

See Also

http://www.nessus.org/u?7dcbaf29

https://www.tenable.com/security/TNS-2026-02

Plugin Details

Severity: Critical

ID: 297102

File Name: nnm_6_5_3.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 1/29/2026

Updated: 1/29/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2025-49796

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Vulnerability Information

CPE: cpe:/a:tenable:nnm

Required KB Items: installed_sw/Tenable NNM, Host/nnm_installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/27/2026

Vulnerability Publication Date: 1/27/2026

Reference Information

CVE: CVE-2023-7104, CVE-2024-0232, CVE-2024-8176, CVE-2025-10148, CVE-2025-10911, CVE-2025-10966, CVE-2025-11731, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2025-31498, CVE-2025-4947, CVE-2025-49794, CVE-2025-49796, CVE-2025-5025, CVE-2025-59375, CVE-2025-6021, CVE-2025-62408, CVE-2025-7425