CVE-2026-33694 Junction File Manipulation

🗓️ 23 Apr 2026 18:09:41Reported by tenableType

CVE-2026-33694 enables a junction to delete arbitrary files as SYSTEM, risking code execution.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-33694	23 Apr 202618:09	–	attackerkb
Circl	CVE-2026-33694	23 Apr 202621:25	–	circl
CNNVD	Tenable Nessus 后置链接漏洞	23 Apr 202600:00	–	cnnvd
CVE	CVE-2026-33694	23 Apr 202618:09	–	cve
EUVD	EUVD-2026-25265	23 Apr 202621:31	–	euvd
Tenable Nessus	Tenable Nessus < 10.11.4 / 10.12.0 Arbitrary File Deletion (TNS-2026-13)	30 Apr 202600:00	–	nessus
Tenable Nessus	Tenable Nessus Agent < 11.1.3 Arbitrary File Deletion (TNS-2026-12)	24 Apr 202600:00	–	nessus
NVD	CVE-2026-33694	23 Apr 202619:17	–	nvd
Positive Technologies	PT-2026-34718	23 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-33694	5 Jun 202619:17	–	redhatcve

[
  {
    "vendor": "Tenable, Inc.",
    "product": "Tenable Nessus, Tenable Nessus Agent",
    "platforms": [
      "Windows"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "Nessus Agent",
        "lessThanOrEqual": "11.1.2",
        "versionType": ".msi"
      },
      {
        "status": "affected",
        "version": "Nessus",
        "lessThanOrEqual": "10.11.3",
        "versionType": ".msi"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
tenable	www.tenable.com/security/tns-2026-12
tenable	www.tenable.com/security/tns-2026-13

23 Apr 2026 18:09Current

CVSS 48.6

EPSS0.00031

CWE-59