CVE Catalog

CVE-2026-57587

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Risk Assessment

The risk involves potential theft of sensitive data from vulnerability scan results, which could expose details of the organization's IT infrastructure.

Recommendation

It is recommended to immediately update Nessus to the latest patched version and limit trust in DNS records from untrusted sources.

Original NVD description (English source)

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS