A vulnerability was found in Tenable Terrascan up to 1.18.3 and classified as critical . Impacted is the function remote_type of the file /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan of the component Remote Directory Scan Endpoint . Executing a manipulation of the argument remote_url can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-47357 . The attack can be launched remotely. No exploit exists.