PatchSiren cyber security CVE debrief
CVE-2026-13007 tenable CVE debrief
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data, including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings, to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied. This vulnerability has a CVSS score of 8.7 and is considered HIGH severity. The CVE was published on 2026-06-23T17:16:41.243Z and last modified on 2026-06-25T19:10:00.050Z. The vendor is identified as Unknown Vendor, but evidence suggests the product is from Tenable. Further analysis is needed to determine the full scope of affected products and versions.
- Vendor: tenable
- Product: Tenable Identity Exposure
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
Security teams and administrators responsible for Tenable Identity Exposure deployments should be aware of this vulnerability. The exposure of sensitive data, including cleartext LDAP credentials, poses a significant risk to the security of affected systems. Organizations using Tenable Identity Exposure should review their deployments and apply necessary patches or mitigations to prevent exploitation.
Technical summary
CVE-2026-13007 is a vulnerability in Tenable Identity Exposure that exposes sensitive application configuration data through unauthenticated API endpoints. The affected endpoints are located under /w/api/* and include cleartext LDAP credentials, SAML configuration, user accounts, and directory settings. The vulnerability allows remote attackers to access this sensitive data without authentication. Responses from these endpoints are served with Cache-Control: public headers and without Vary: Cookie, which enables reverse proxies and CDNs to cache and serve the sensitive data to unauthenticated users even after authentication has been applied. This vulnerability has a CVSS score of 8.7, indicating a high severity level.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it involves the exposure of sensitive data. Security teams should work closely with system administrators to identify and remediate affected systems.
Recommended defensive actions
- Review and apply patches or updates provided by the vendor to address the vulnerable API endpoints.
- Implement additional security controls, such as authentication and authorization, for API endpoints that handle sensitive data.
- Configure reverse proxies and CDNs to properly handle sensitive data and avoid caching it.
- Conduct a thorough review of system configurations and user accounts to identify potential exposure.
- Monitor system logs and network traffic for signs of exploitation.
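The caching condition described in the technical summary (Cache-Control: public with no Vary: Cookie) is something an administrator can check on their own deployment's responses before and after applying the proxy or CDN mitigation above. The following header audit is an added example for this debrief, not Tenable's code or anything from the CVE record; the sample header sets are constructed to illustrate the pattern, not captured from a real system.

```python
"""Audit HTTP response headers for the shared-cache exposure pattern described
for CVE-2026-13007: a sensitive response served with 'Cache-Control: public' and
no 'Vary: Cookie', which a reverse proxy or CDN may store and serve to any
client. Header sets below are constructed samples, not real captures."""
from typing import Dict, List

# Directives that forbid a shared cache from storing the response at all
NO_STORE_DIRECTIVES = ("no-store", "private")


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split 'public, max-age=300' into {'public': '', 'max-age': '300'}."""
    directives: Dict[str, str] = {}
    for token in value.split(","):
        token = token.strip().lower()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name] = arg.strip('"')
    return directives


def shared_cache_findings(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response that carries per-user or secret data.
    An empty list means a shared cache must not store it for other clients."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    vary = {v.strip().lower() for v in lowered.get("vary", "").split(",") if v.strip()}
    findings: List[str] = []
    if any(d in cc for d in NO_STORE_DIRECTIVES):
        return findings  # no-store / private: shared caches must not keep it
    if "public" in cc:
        findings.append("Cache-Control: public on a sensitive response")
    if "max-age" in cc or "s-maxage" in cc:
        findings.append("explicit freshness lifetime allows shared caching")
    if not cc:
        findings.append("no Cache-Control header; heuristic caching possible")
    if findings and "cookie" not in vary and "*" not in vary:
        findings.append("missing Vary: Cookie; one cached copy serves every user")
    return findings


# Constructed samples modelled on the advisory's description (not real captures)
VULNERABLE_SAMPLE = {"Content-Type": "application/json",
                     "Cache-Control": "public, max-age=300"}
# The corrected header set a proxy or origin should emit for such endpoints
HARDENED_SAMPLE = {"Content-Type": "application/json",
                   "Cache-Control": "no-store, private", "Vary": "Cookie"}
```

Run shared_cache_findings() over the headers your proxy returns for endpoints under /w/api/; any non-empty result on a response containing configuration data is the condition the debrief describes.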
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. The source item URL provides additional context from the NVD database. The reference URL from Tenable provides vendor-specific information about the vulnerability.
Official resources
- CVE-2026-13007 CVE record (CVE.org)
- CVE-2026-13007 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
This article is AI-assisted and based on the supplied source corpus.