Tenable Exposure Management 2026 Release Notes

Tenable has streamlined the Attack Path section of Tenable Exposure Management to reduce noise and bridge the hybrid gap. These updates include:

• Hybrid Lateral Movement (On-Prem > GCP) — Attack Path now links on-prem JSON credential files to GCP Service Accounts, exposing real-world paths to cloud takeover.

• Exploitable CVEs Only — Using upgraded TVDB V3 intelligence, we now only map paths for verified exploitable CVEs.

  Note: You should expect a drop in path counts as we purge non-exploitable noise.

• Performance Boost — We've removed the "service" node to significantly speed up calculation times without impacting the risk coverage (this node was not used for technique or path calculations).

These updates ensure your team focuses on Choke Points that represent real, executable risk. For more information, see Attack Path in the Tenable Exposure Management User Guide.

Tenable has standardized the naming conventions for asset classification across Tenable Exposure Management (EM) and Tenable Vulnerability Management (VM). Previously referred to as Device Profiling, this feature is now universally titled Asset Classification. This alignment ensures that risk drivers and asset properties are labeled identically regardless of which platform or view you are using, providing a seamless experience for cross-platform analysis.

Key Terminology Updates:

• Asset Category: Replaces Device Class (VM) and Device Profile (EM).

• Asset Function: Replaces Device Subclasses (VM) and Device Functionality (EM).

• Categorization Confidence/Drivers: Replaces all Profile Confidence/Drivers labels.

• Unified Value Display: Data values are now standardized across the platform. For example, inconsistent labels like "Workload device" vs. "VM or Workload" have been unified into a single, clear naming convention based on the Tenable standard.

For more information, see the Asset Categorization Quick Reference Guide.

Tenable is excited to announce the following highly requested additions and updates to the Tenable Exposure Management application.

Widget to Inventory Drill Down

Gain deeper insights with the new Widget Drill Down capability. Users can now click directly on the dashboard’s widgets to view the underlying data in the Assets or Findings Inventory pages.

• Contextual Navigation: Redirection is intelligently mapped based on the widget’s specific measures.

• Persistent Filtering: Any filters currently applied to your dashboard will automatically carry over to the inventory view, ensuring you never lose your place during an investigation.

For more information, see Drill Down to Inventory Data in the Tenable Exposure Management User Guide.

Dashboard Grid Mode & Snap to Grid

Introducing a new Grid View to the dashboard creator and editor, providing a visual guide for precise widget placement.

• Toggleable Gridlines: Use the View menu to toggle gridlines on or off (off by default) to suit your design preference.

• Snap-to-Grid: Perfect your layout instantly. By selecting a widget and clicking Snap to Grid, the widget automatically aligns with the nearest grid lines for a clean, organized look.

For more information, see Create a Dashboard in the Tenable Exposure Management User Guide.

Orca Security Third-Party Connector Availability

Tenable is excited to announce the addition of the Orca Security connector for use with Tenable Exposure Management. This new integration allows you to automatically ingest assets and security findings from Orca’s agentless platform directly into Tenable.

By unifying Orca’s multi-cloud visibility with Tenable’s exposure analytics, you can now assess and prioritize cloud-native risks alongside your traditional infrastructure, ensuring comprehensive coverage of your entire attack surface.

For more information, see Orca Connector in the Tenable Exposure Management User Guide.

Multi-Instance Support for Tenable Vulnerability Management

Tenable Exposure Management now supports the ability to connect multiple, distinct Tenable Vulnerability Management accounts into a single workspace.

This "connector" approach is designed for large enterprises managing segmented environments, acquisitions, or regional instances. It allows you to aggregate asset and vulnerability data from separate Tenable Vulnerability Management tenants into one centralized view, ensuring a unified global risk assessment without needing to merge accounts manually.

For more information, see Tenable Vulnerability Management Connector in the Tenable Exposure Management User Guide.

Tenable Open Connector - Phase 1 (Upload Static File)

We are excited to introduce the Tenable Open Connector, a flexible new method to bring data from any source into theTenable platform.

This feature enables the manual ingestion of asset and vulnerability data via static file upload (e.g., CSV, JSON). This is critical for organizations that need to track assets from custom internal tools, manual pen-test reports, or air-gapped systems. Once uploaded, this "offline" data is fully correlated with your existing platform metadata, ensuring a comprehensive risk view that leaves no gaps.

For more information, see Tenable Open Connector in the Tenable Exposure Management User Guide.

Tenable is excited to announce the Tenable FedRAMP Moderate availability of mobilization services in Tenable Exposure Management. Unify teams and streamline remediation workflows by generating tickets from findings. Expose and close critical risks from a single platform across multiple domains, including third-party data.

For more information, see:

• Storylane demo for Tenable Mobilization

• Create a ServiceNow Ticket and Create a Jira Ticket in the Tenable Exposure Management User Guide

• Mobilization Quick Reference Guide

Tenable is excited to announce the addition of the ORDR third-party connector within Tenable Exposure Management. ORDR is an OT connector that pulls asset and findings data from the ORDR platform. Users can configure this connector directly within the Connectors section of Tenable Exposure Management.

For more information, see ORDR Connector in the Tenable Exposure Management User Guide.