CVE-2026-57587
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
Risk Assessment
The risk involves potential theft of sensitive data from vulnerability scan results, which could expose details of the organization's IT infrastructure.
Recommendation
It is recommended to immediately update Nessus to the latest patched version and limit trust in DNS records from untrusted sources.
Original NVD description (English source)
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

