CVE-2026-33694

Summary

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
Tenable, Inc.Tenable Nessus, Tenable Nessus AgentNessus Agent <= 11.1.2affected
Tenable, Inc.Tenable Nessus, Tenable Nessus AgentNessus <= 10.11.3affected

Weaknesses

  • CWE-59: CWE-59 Improper link resolution before file access ('link following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References