Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges

HomeCyber Security Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges By Guru Baran April 27, 2026 A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise security teams relying on the widely-deployed vulnerability assessment platform. The flaw enables a threat actor to create a Windows junction, a type of filesystem symbolic link that can be leveraged to delete arbitrary files with SYSTEM-level privileges. Once file deletion at that privilege tier is achieved, the condition can cascade into a full arbitrary code execution scenario, effectively granting an attacker complete control over the affected machine. Nessus Agent Vulnerability on Windows The vulnerability exploits a class of privilege escalation weakness commonly known as a “symlink attack” or junction abuse. On Windows systems, NTFS junctions redirect file system operations from one directory to another. When a privileged process such as the Nessus Agent service follows a junction during a file operation without proper validation, it can be manipulated to act on unintended targets. In this case, an attacker with local access can plant a malicious junction in a location the Nessus Agent service interacts with. By redirecting the agent’s deletion routine to a critical system file or directory, the attacker can corrupt the operating environment in a controlled manner and subsequently place a malicious payload to be executed under the SYSTEM context. This technique is particularly dangerous because SYSTEM is the highest privilege level in Windows, surpassing even standard administrator accounts. Code running as SYSTEM can modify any file, install rootkits, disable security tools, and persist across reboots without restriction. The vulnerability specifically affects Nessus Agent installations running on Windows. Organizations deploying Nessus Agents across enterprise endpoints for continuous vulnerability scanning are directly in the risk window. Given that Nessus Agents are often installed on sensitive servers and workstations, successful exploitation could have catastrophic downstream consequences for an organization’s security posture. Patch Available Tenable has addressed the vulnerability in Nessus Agent version 11.1.3, which is now available through the Tenable Downloads Portal. The company strongly urges all users to upgrade immediately, emphasizing that timely patch application is critical to reducing exposure. Tenable reiterated its commitment to responsible disclosure, stating that it maintains active communication with security researchers and prioritizes rapid resolution of product vulnerabilities. Security teams are also encouraged to report any newly discovered vulnerabilities directly to Tenable to facilitate coordinated patching. Security administrators should treat this update as a priority deployment, particularly in environments where Nessus Agents are installed on high-value or internet-adjacent Windows systems. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news vulnerability Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran is the Co-Founder and Editor-in-Chief of CyberSecurityNews.com, specializing in vulnerability analysis, malware research, ransomware, and computer forensics. Trending News Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions Critical Gardyn Smart Gardens Vulnerabilities Let Attackers Control Devices Remotely Gh0st RAT and CloverPlus Adware Delivered Together in New Dual-Payload Malware Campaign Researchers Say Iranian MOIS Uses Multiple Hacker Personas for One Coordinated Cyber Campaign Latest News Cyber Security Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools Cyber Security New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions Cyber Security News CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack Cyber Security News Claude AI Agents Close 186 Deals in Anthropic’s Marketplace Experiment Bug Bounty GPT‑5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities