CVE-2026-57588
Severity: Low (CVSS 3.3)
Exploitation Probability (EPSS): Low risk, 5th percentile (higher than 5% of all known CVEs)
Summary
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.
Risk Assessment
The risk is potential theft of sensitive scan result data, which could expose the organization to disclosure of vulnerabilities and system configuration information.
Recommendation
Update Nessus to the latest patched version immediately, and implement validation of imported scan result files.
Original NVD description (English source)
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

