The flaw enables a threat actor to create a Windows junction, a type of filesystem symbolic link that can be leveraged to delete arbitrary files with SYSTEM-level privileges.
Once file deletion at that privilege tier is achieved, the condition can cascade into a full arbitrary code execution scenario, effectively granting an attacker complete control over the affected machine.
The vulnerability exploits a class of privilege escalation weakness commonly known as a “symlink attack” or junction abuse. On Windows systems, NTFS junctions redirect file system operations from one directory to another.
When a privileged process such as the Nessus Agent service follows a junction during a file operation without proper validation, it can be manipulated to act on unintended targets.
In this case, an attacker with local access can plant a malicious junction in a location the Nessus Agent service interacts with.
By redirecting the agent’s deletion routine to a critical system file or directory, the attacker can corrupt the operating environment in a controlled manner and subsequently place a malicious payload to be executed under the SYSTEM context.
This technique is particularly dangerous because SYSTEM is the highest privilege level in Windows, surpassing even standard administrator accounts.
Code running as SYSTEM can modify any file, install rootkits, disable security tools, and persist across reboots without restriction.
The vulnerability specifically affects Nessus Agent installations running on Windows. Organizations deploying Nessus Agents across enterprise endpoints for continuous vulnerability scanning are directly in the risk window.
Given that Nessus Agents are often installed on sensitive servers and workstations, successful exploitation could have catastrophic downstream consequences for an organization’s security posture.
Tenable has addressed the vulnerability in Nessus Agent version 11.1.3, which is now available through the Tenable Downloads Portal. The company strongly urges all users to upgrade immediately, emphasizing that timely patch application is critical to reducing exposure.
Tenable reiterated its commitment to responsible disclosure, stating that it maintains active communication with security researchers and prioritizes rapid resolution of product vulnerabilities.
Security teams are also encouraged to report any newly discovered vulnerabilities directly to Tenable to facilitate coordinated patching.
Security administrators should treat this update as a priority deployment, particularly in environments where Nessus Agents are installed on high-value or internet-adjacent Windows systems.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges appeared first on Cyber Security News.
When we think of modern architecture, we often think first of what’s called the International…
This month big tech companies have been dominating the AI news cycle on a number…
Nowadays, people expect instant access to bookings, communication, and maps the moment they land in…
Your embeddings are solid. Your vector database is tuned. Your LLM is capable. So why…
A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration…
Written from press release MARTINSVILLE, Ind. — April 26, 2026 A 20-year-old Indianapolis man died…
This website uses cookies.