CVE Catalog

CVE-2026-57588

Low · CVSS 3.3

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Risk Assessment

The main risk is theft of sensitive scan-result data, which would disclose the organization's vulnerabilities and system configuration information.

Recommendation

Update Nessus to the latest patched version immediately and implement validation of imported scan result files.

Original NVD description (English source)

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS