Multiple vulnerabilities in Tenable Identity Exposure (June 24, 2026)
Multiple vulnerabilities have been discovered in Tenable Identity Exposure. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.
CSIRTS triage
- What
- Multiple vulnerabilities allow for remote arbitrary code execution, denial of service, and data confidentiality breaches.
- Who is affected
- Deployments of Tenable Identity Exposure.
- Urgency
- Remediation is urgent due to the critical nature of the vulnerabilities and potential exploitation.
- Action
- Update to the latest version of Tenable Identity Exposure.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Identity Exposure
Get an email when a new Identity Exposure advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0796/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2025-661990.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Low exploitation riskCVE-2026-427890.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Moderate exploitation riskCVE-2026-216371.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 60% of all scored CVEs.
- Low exploitation riskCVE-2026-341800.51% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 40% of all scored CVEs.
- Low exploitation riskCVE-2025-552480.68% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Low exploitation riskCVE-2026-351880.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-427660.60% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 44% of all scored CVEs.
- Low exploitation riskCVE-2026-90760.30% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 21% of all scored CVEs.
- Low exploitation riskCVE-2025-154690.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-19650.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] cURL: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] OpenSSL: Multiple Vulnerabilitiescert-bund
- high[NEW] [high] Dell PowerProtect Data Domain: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] OpenSSL: Multiple vulnerabilitiescert-bund
- critical[UPDATE] [critical] Node.js: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Node.js: Multiple vulnerabilitiescert-bund
- unknownMultiple vulnerabilities in IBM products (June 26, 2026)cert-fr-avis
- unknownSiemens Products using OpenSSLcisa
- unknownMultiple Vulnerabilities in Microsoft Products (June 22, 2026)cert-fr-avis
- highCVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsingmsrc
- highCVE-2026-45591: ASP.NET Core Denial of Service Vulnerabilitymsrc
- highCVE-2026-34183: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handlermsrc
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10