Nessus Network Monitor < 6.5.3 Multiple Vulnerabilities (TNS-2026-02)

🗓️ 29 Jan 2026 00:00:00Reported by TenableType

Nessus Network Monitor older than 6.5.3 has multiple vulnerabilities in SQLite and libxml2, including heap overflow, use afterfree, and memory corruption.

Reporter	Title	Published	Views	Family All 2542
IBM Security Bulletins	Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)	7 Oct 202415:19	–	ibm
IBM Security Bulletins	Security Bulletin: AIX/VIOS is affected by multiple vulnerabilities due to Python	19 Nov 202515:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management	25 Apr 202510:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps	18 Dec 202501:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libxml2 affect AIX/VIOS	17 Jul 202516:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	3 Mar 202600:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps	25 Jun 202513:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed	3 Dec 202506:06	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)	8 Oct 202410:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a stack overflow vulnerability in libexpat library [CVE-2024-8176]	13 Jun 202516:26	–	ibm

Source	Link
nessus	www.nessus.org/u
tenable	www.tenable.com/security/TNS-2026-02
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(297102);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/03");

  script_cve_id(
    "CVE-2023-7104",
    "CVE-2024-0232",
    "CVE-2024-8176",
    "CVE-2025-4947",
    "CVE-2025-5025",
    "CVE-2025-6021",
    "CVE-2025-7425",
    "CVE-2025-10148",
    "CVE-2025-10911",
    "CVE-2025-10966",
    "CVE-2025-11731",
    "CVE-2025-13034",
    "CVE-2025-14017",
    "CVE-2025-14524",
    "CVE-2025-14819",
    "CVE-2025-15079",
    "CVE-2025-15224",
    "CVE-2025-31498",
    "CVE-2025-49794",
    "CVE-2025-49796",
    "CVE-2025-59375",
    "CVE-2025-62408"
  );

  script_name(english:"Nessus Network Monitor < 6.5.3 Multiple Vulnerabilities (TNS-2026-02)");

  script_set_attribute(attribute:"synopsis", value:
"An instance of Tenable NNM installed on the remote system is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.5.3. It is,
therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-02 advisory.

  - A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects
    the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest
    Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix
    this issue. The associated identifier of this vulnerability is VDB-248999. (CVE-2023-7104)

  - A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under
    certain circumstances when the XML schematron has the <sch:name path=.../> schema elements. This flaw
    allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the
    program's crash using libxml or other possible undefined behaviors. (CVE-2025-49794)

  - A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can
    trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that
    can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to
    sensitive data being corrupted in memory. (CVE-2025-49796)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://docs.tenable.com/release-notes/Content/network-monitor/2026.htm#653
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7dcbaf29");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/TNS-2026-02");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Nessus Network Monitor 6.5.3 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-49796");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-7104");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-31498");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tenable:nnm");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nnm_installed_win.nbin", "nnm_installed_nix.nbin");
  script_require_keys("installed_sw/Tenable NNM", "Host/nnm_installed");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Tenable NNM', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '6.5.3'}
      ]
    }
  ]
};

var res = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:res);

03 Feb 2026 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.17.3 - 9.1

CVSS 25.2

CVSS 35.5

CVSS 48.3

EPSS0.02116

SSVC