Junction File Manipulation_CVE-2026-33694

7.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P

Description

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.

Basic Information

ID CVE-2026-33694

Source tenable

Published Apr 23, 2026 at 18:09

Modified Apr 23, 2026 at 18:51

Affected Product

Vendor Tenable, Inc.

Product Tenable Nessus, Tenable Nessus Agent

Version Nessus Agent

Affected Versions Tenable, Inc. Tenable Nessus, Tenable Nessus Agent Nessus Agent
Tenable, Inc. Tenable Nessus, Tenable Nessus Agent Nessus

CWE Classification

CWE-59

References

{
    "lastseen": "",
    "description": "This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.",
    "published": "2026-04-23T18:09:41.682Z",
    "modified": "2026-04-23T18:51:13.650Z",
    "type": "cve",
    "title": "Junction File Manipulation",
    "source": "tenable",
    "references": "https://tenable.com/security/tns-2026-12\nhttps://tenable.com/security/tns-2026-13",
    "id": "CVE-2026-33694",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "Tenable, Inc. Tenable Nessus, Tenable Nessus Agent Nessus Agent\nTenable, Inc. Tenable Nessus, Tenable Nessus Agent Nessus",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tenable Nessus, Tenable Nessus Agent",
    "version": "Nessus Agent",
    "vendor": "Tenable, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}