A security vulnerability has been identified in Tenable Nessus Agent for Windows that could allow a local attacker to abuse Windows file system junctions to delete critical system files, potentially impacting the stability and security of the affected system.

Affected Systems:

Tenable Nessus Agent for Windows: All versions prior to 11.1.3

Security Risks

The successful exploitation of these vulnerabilities could allow an attacker with local access could manipulate how the Nessus Agent handles file operations. This may lead to deletion of critical system files and execution of malicious code with full administrative control (SYSTEM level).

For the full list of security updates released by Tenable, please refer to Tenable Product Security Advisories.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators:

• Upgrade to the latest supported version of the installed software as soon as possible to ensure continued access to security patches and technical support.

The recommended version:

• Tenable Nessus Agent for Windows: upgrade to version 11.1.3 or later, available from the official Tenable Downloads Portal.

• Apply the update to all affected Windows systems as a priority.

• Ensure valid backups are available before applying updates.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://www.tenable.com/security

• https://www.tenable.com/security/tns-2026-12

• https://www.tenable.com/downloads/nessus-agents