Critical Nessus Agent Vulnerability Allows SYSTEM-Level Code Execution

Severity: High (Score: 72.6)

Sources: Cybersecuritynews, Gbhackers

Summary

Tenable has disclosed a high-severity vulnerability in its Nessus Agent software for Windows, tracked as CVE-2026-33694, which allows attackers to execute arbitrary code with SYSTEM-level privileges. The flaw arises from improper link resolution before file access, categorized under CWE-59 (Link Following). This vulnerability affects organizations using the widely-deployed Nessus Agent for vulnerability assessments, posing a significant risk to enterprise security. A patch has been released in version 11.1.3 of the Nessus Agent to address this issue. Security teams are urged to update their systems immediately to mitigate the risk of exploitation. The vulnerability was published on April 23, 2026, and is considered critical due to its potential impact on system integrity and confidentiality. Key Points: • CVE-2026-33694 allows arbitrary code execution with SYSTEM privileges. • The vulnerability affects Tenable's Nessus Agent for Windows. • A patch has been released in version 11.1.3; immediate updates are recommended.

Key Entities

• Malware (attack_type)
• Tenable (company)
• CVE-2026-33694 (cve)
• Cwe-59 - Improper Link Resolution Before File Access (cwe)
• Windows (platform)