Detections
Analytics
Tenable Nessus < 10.10.2 / 10.11.0 < 10.11.2 Multiple Vulnerabilities (TNS-2026-04)
medium Nessus Plugin ID 298226
Synopsis
An instance of Nessus installed on the remote system is affected by multiple vulnerabilities.Description
According to its self-reported version, the Tenable Nessus application running on the remote host prior to 10.10.2, 10.11.0 prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-04 advisory.- In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
(CVE-2026-24515)
- In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. (CVE-2026-25210)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Tenable Nessus 10.10.2, 10.11.2 or later.See Also
https://docs.tenable.com/release-notes/Content/nessus/nessus.htm
Plugin Details
Severity: Medium
ID: 298226
File Name: nessus_TNS-2026-04.nasl
Version: 1.1
Type: combined
Agent: windows, macosx, unix
Family: Misc.
Published: 2/6/2026
Updated: 2/6/2026
Configuration: Enable thorough checks (optional)
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.0
Vendor
Vendor Severity: High
CVSS v2
Risk Factor: Medium
Base Score: 5.9
Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:P
CVSS Score Source: CVE-2026-25210
CVSS v3
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
CVSS Score Source: CVE-2026-25210
Vulnerability Information
CPE: cpe:/a:tenable:nessus
Required KB Items: installed_sw/Tenable Nessus
Exploit Ease: No known exploits are available
Patch Publication Date: 2/5/2026
Vulnerability Publication Date: 1/23/2026
Reference Information
CVE: CVE-2026-24515, CVE-2026-25210