CVE-2026-2697 (GCVE-0-2026-2697)
Vulnerability from cvelistv5 – Published: 2026-02-23 15:17 – Updated: 2026-02-26 14:44
VLAI
Title
Indirect Object Reference (IDOR) in Security Center
Summary
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
Severity
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tenable | Security Center |
Affected:
0 , < 6.8.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T04:56:37.938906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:10.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Security Center",
"vendor": "Tenable",
"versions": [
{
"lessThan": "6.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter."
}
],
"value": "An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T15:17:13.031Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/tns-2026-07"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote: \u003c/strong\u003ePatches that include fixes for \u003cu\u003eApache, PHP and Libcurl\u003c/u\u003e\u0026nbsp;were recently released (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/security/tns-2026-06)\"\u003ehttps://www.tenable.com/security/tns-2026-06)\u003c/a\u003e. Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.tenable.com/release-notes/Content/security-center/2026.htm\"\u003eTenable SC Release Notes\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e"
}
],
"value": "Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center \n\nNote: Patches that include fixes for Apache, PHP and Libcurl\u00a0were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm \u00a0for more information."
}
],
"source": {
"advisory": "tns-2026-07",
"discovery": "EXTERNAL"
},
"title": "Indirect Object Reference (IDOR) in Security Center",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2026-2697",
"datePublished": "2026-02-23T15:17:13.031Z",
"dateReserved": "2026-02-18T15:05:03.676Z",
"dateUpdated": "2026-02-26T14:44:10.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2697",
"date": "2026-05-27",
"epss": "0.00147",
"percentile": "0.3473"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2697\",\"sourceIdentifier\":\"vulnreport@tenable.com\",\"published\":\"2026-02-23T16:29:37.323\",\"lastModified\":\"2026-04-29T01:00:01.613\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter.\"},{\"lang\":\"es\",\"value\":\"Una Referencia Indirecta a Objeto (IDOR) en Security Center permite a un atacante remoto autenticado escalar privilegios a trav\u00e9s del par\u00e1metro \u0027owner\u0027.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"vulnreport@tenable.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"vulnreport@tenable.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"vulnreport@tenable.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.8.0\",\"matchCriteriaId\":\"17DB70B4-3F31-4D7A-BEBF-00E422A8FA3B\"}]}]}],\"references\":[{\"url\":\"https://www.tenable.com/security/tns-2026-07\",\"source\":\"vulnreport@tenable.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2697\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-24T04:56:37.938906Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-23T16:03:56.807Z\"}}], \"cna\": {\"title\": \"Indirect Object Reference (IDOR) in Security Center\", \"source\": {\"advisory\": \"tns-2026-07\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\", \"exploitMaturity\": \"PROOF_OF_CONCEPT\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Tenable\", \"product\": \"Security Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.8.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Tenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center \\n\\nNote: Patches that include fixes for Apache, PHP and Libcurl\\u00a0were recently released ( https://www.tenable.com/security/tns-2026-06) . Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the Tenable SC Release Notes https://docs.tenable.com/release-notes/Content/security-center/2026.htm \\u00a0for more information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eTenable has released Security Center 6.8.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.tenable.com/downloads/security-center\\\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote: \u003c/strong\u003ePatches that include fixes for \u003cu\u003eApache, PHP and Libcurl\u003c/u\u003e\u0026nbsp;were recently released (\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.tenable.com/security/tns-2026-06)\\\"\u003ehttps://www.tenable.com/security/tns-2026-06)\u003c/a\u003e. Tenable Security Center 6.8.0 includes all of these fixes. Please refer to the \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.tenable.com/release-notes/Content/security-center/2026.htm\\\"\u003eTenable SC Release Notes\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.tenable.com/security/tns-2026-07\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the \u0027owner\u0027 parameter.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639: Authorization Bypass Through User-Controlled Key\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8.0\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"shortName\": \"tenable\", \"dateUpdated\": \"2026-02-23T15:17:13.031Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2697\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T14:44:10.953Z\", \"dateReserved\": \"2026-02-18T15:05:03.676Z\", \"assignerOrgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"datePublished\": \"2026-02-23T15:17:13.031Z\", \"assignerShortName\": \"tenable\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…