Tenable Nessus 2025 Release Notes

Tip: You can subscribe to receive alerts for Tenable documentation updates.

Plugin Releases

For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.

Tenable Nessus 10.9.4 (2025-09-24)

Bug Fix Defect ID
Improved scan performance by eliminating unnecessary rDNS lookups. 753654, 392607
Improved the functionality of nessusd.exe during the installation process to prevent installation failures on Windows. 02299766, 02301221, 02316698, 02304622
Updated the Tenable Nessus installer for compatibility with macOS 15.6. 02302429, 02302597, 02303074, 02303503, 02303300, 02304365, 02305049, 02305528, 02306171, 02306190, 02304979, 02306117, 02307959, 02308080, 02308148, 02308282, 02308317, 02308917, 02309085, 02309203, 02309366, 02309872, 02310020, 02310167, 02310175, 02310289, 02309371, 02309372, 02310847, 02310896, 02309907, 02311902, 02312108, 02312305, 02312823, 02303217, 02313178, 02311246, 02313331, 02313615, 02314053, 02314135, 02314556, 02314890, 02314387, 02315424, 02315498, 02315720, 02314252, 02317954, 02318526, 02318823, 02317904, 02313222, 02318919, 02319007, 02319532, 02319670, 02318492, 02321157, 02321281, 02322217, 02322287, 02322631, 02322876, 02324001, 02324580, 02325116, 02325282, 02325170, 02322116, 02325701, 02327031, 02327016, 02327739, 02327746, 02327847, 02328004

The following are supported platform updates made in Tenable Nessus 10.9.4:

  • Added support for macOS Tahoe.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.8.6 (2025-09-24)

Bug Fix Defect ID
Improved the functionality of nessusd.exe during the installation process to prevent installation failures on Windows. 02299766, 02301221, 02316698, 02304622
Updated the Tenable Nessus installer for compatibility with macOS 15.6. 02302429, 02302597, 02303074, 02303503, 02303300, 02304365, 02305049, 02305528, 02306171, 02306190, 02304979, 02306117, 02307959, 02308080, 02308148, 02308282, 02308317, 02308917, 02309085, 02309203, 02309366, 02309872, 02310020, 02310167, 02310175, 02310289, 02309371, 02309372, 02310847, 02310896, 02309907, 02311902, 02312108, 02312305, 02312823, 02303217, 02313178, 02311246, 02313331, 02313615, 02314053, 02314135, 02314556, 02314890, 02314387, 02315424, 02315498, 02315720, 02314252, 02317954, 02318526, 02318823, 02317904, 02313222, 02318919, 02319007, 02319532, 02319670, 02318492, 02321157, 02321281, 02322217, 02322287, 02322631, 02322876, 02324001, 02324580, 02325116, 02325282, 02325170, 02322116, 02325701, 02327031, 02327016, 02327739, 02327746, 02327847, 02328004

The following are supported platform updates made in Tenable Nessus 10.8.6:

  • Added support for macOS Tahoe.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

(Early Access) Tenable Nessus 10.10.0 (2025-09-23)

Note: This version of Tenable Nessus is an Early Access release. To opt in to Early Access, contact your Tenable representative or configure the Nessus Update Plan in the user interface.

The following are the new features included in Tenable Nessus 10.10.0:

  • Added a global timeout setting to define the maximum duration for a host scan.

  • Added support for the upcoming software and plugin updates via scanner profiles for Tenable Vulnerability Management-linked scanners.

  • Added support for the upcoming Tenable Vulnerability Management plugin download concurrency feature.

  • Added support for the upcoming CPU resource limit setting for Tenable Agents, which will be configurable via agent profiles in Tenable Nessus Manager.

The following enhancements are included in Tenable Nessus 10.10.0:

  • In clustered environments, child nodes now report human-readable scan names instead of UUIDs for running scans to improve visibility.

  • The migration process from Tenable Nessus Manager to Tenable Vulnerability Management now includes triggered scans and their configured triggers.

  • When copying a triggered agent scan, Tenable Nessus Manager now includes the scan's history.

  • The main navigation menu is now resizable for an improved user experience.

  • Added a new API endpoint that allows you to export all Tenable Agent data in a single request.

  • For scanners on Linux systems, the command line output for nessuscli fetch --scanner-health-stats now includes heap memory statistics.

  • Improved the diagnostic packet capture feature to include support for ICMP and other IP-based protocols.

  • Added the ability to enforce TLS 1.3 for communications via the ssl_mode advanced setting.

  • Disabled the ability to export scan data and audit files in trial versions of Tenable Nessus.

  • Removed Terrascan from Tenable Nessus Essentials, Professional, Expert, and trials.

Bug Fix Defect ID

Fixed an issue where scan result emails showed incorrect vulnerability counts.

 02183925, 02290412

Fixed an issue that prevented users with appropriate permissions from generating certain scan reports.

 02194357

Fixed an issue where agent scan policies ignored the plugin family lock setting.

 02192072
Improved the reliability of nessuscli fix commands by ensuring the database is fully initialized before the commands can run. 02191308

Fixed an issue that allowed duplicate linking keys in Tenable Nessus Manager, ensuring keys are unique to prevent agent linking conflicts.

 02257892
Fixed the Safe Mode agent list filter. 02286697
Improved the functionality of nessusd.exe during the installation process to prevent installation failures on Windows. 02299766, 02301221, 02316698, 02304622

The following are supported platform updates made in Tenable Nessus 10.10.0:

  • Added support for macOS Tahoe.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.9.3 (2025-08-14)

Bug Fix Defect ID
Fixed an exclusions processing issue in Tenable Vulnerability Management that could cause scan launch delays, failures, or incorrectly show scanners as offline. 02284811, 02283482, 02285413, 02289061, 02289164, 02287074, 02302819

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.9.2 (2025-07-30)

Bug Fix Defect ID
Fixed an issue where offline Tenable Nessus Managers did not generate agent plugin databases for agents and cluster child nodes. 02282034
Fixed an issue where agent profiles were not applied after agents switched to different child nodes in a Tenable Nessus cluster. 02214200
Fixed a library-linking issue that prevented some non-privileged Tenable Nessus installations from starting properly from version 10.9.0 onward. 02283070

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.9.1 (2025-07-09)

Bug Fix Defect ID
Fixed an issue so that standalone Tenable Nessus Managers no longer terminate agent scan windows prematurely. 02280871

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.9.0 (2025-06-30)

The following are the new features included in Tenable Nessus 10.9.0:

  • Enabled triggered agent scans in Tenable Nessus Manager.

    Triggered agent scanning requires additional disk space. For more information, see Hardware Requirements.

  • Enabled web application scanning functionality for Tenable Nessus instances in air-gapped/offline environments.

  • Added support for declaring agent versions for Tenable Nessus Manager agent profiles in air-gapped/offline environments.

  • Added agent safe mode status reporting to Tenable Nessus Manager.

  • Enabled support for SSH session plugin reuse.

    This feature will require opt-in when plugins supporting SSH connection reuse are released.

The following enhancements are included in Tenable Nessus 10.9.0:

  • Introduced the nessuscli system --config-optimization command, which optimizes the size and structure of the global configuration database.

  • Updated the nessuscli update command to support the --agent-version parameter.

  • Changed the debug report format to .zip.

  • Optimized full plugin set compilations.

  • Removed unnecessary permissions of Tenable Nessus binaries for non-root and non-administrators.

  • Added a user interface element to indicate which web application scanning image tag is being used by Tenable Nessus.

  • Added the --fedcloud parameter to link Tenable Vulnerability Management-managed scanners to FedRAMP environments.

  • Added a user interface icon to indicate when credentials fail or succeed in credentialed scans.

  • The nessuscli health and status report now includes DNS and rDNS failure counts.

The following are security updates included in Tenable Nessus 10.9.0:

Bug Fix Defect ID Applies to
Corrected service logging on Windows to prevent pop-up messages from incorrectly stating that Tenable Nessus could not be stopped. 02073932 All versions of Tenable Nessus on Windows
Improved performance when filtering agents by cluster node. 02067421 Tenable Nessus Manager
Fixed an issue that caused some plugin severities to unexpectedly change to Info-level. 02155712, 02103788 All versions of Tenable Nessus
Fixed an issue that caused scanner instability when processing large XML strings. 02140860 All versions of Tenable Nessus
Fixed an issue that caused plugin detail locales to download incorrectly. 02106575, 02231844, 02232657 All versions of Tenable Nessus
Fixed an issue where the last checked available versions did not refresh in the user interface. 02078242 All versions of Tenable Nessus
Fixed an issue by no longer including the /backups directory by default. 01780874, 01797307 All versions of Tenable Nessus
Improved error handling for policy requests to the parent node during initialization. 01559616 Tenable Nessus Manager
Fixed an issue on managed scanners where the Audit Trail Verbosity scan setting appeared twice and could not be set. 02136378 All versions of Tenable Nessus
Fixed an issue where scan-generated targets were occasionally skipped. 02167709 All versions of Tenable Nessus
Fixed an issue that allowed multiple user accounts to be created on a single instance of Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials.   Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials

The following are supported platform updates made in Tenable Nessus 10.9.0:

  • Added support for Fedora 41 and 42.

  • Added support for Windows Server 2025.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.8.5 (2025-06-30)

The following are security updates included in Tenable Nessus 10.8.5:

  • Updated libxml2 to version 2.13.8.

    • Backported the fix for CVE-2025-6021 into libxml2 2.13.8.

  • Updated libxslt to version 1.1.43.

  • Fixed vulnerabilities in which an attacker could escalate privileges by abusing symlinks before installing Tenable Agent on Windows.

    For more information, see the Tenable Product Security Advisory.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.8.4 (2025-04-17)

The following are security updates included in Tenable Nessus 10.8.4:

  • Fixed a security issue in which the X-Forwarded-For header could be used to manipulate data on the Tenable Nessus scanner.

  • Addressed an issue where Tenable Nessus failed to set ACLs for the optional custom installation directory chosen during the Windows installation process.

  • Addressed an issue where Tenable Nessus could appropriately log ANSI escape characters.

  • Updated libxml2 to version 2.13.7.

  • Updated expat to version 2.7.0.

    For more information, see the Tenable Product Security Advisory.

Bug Fix Applies to
Addressed an issue in the Windows MSI installer that allowed a user to permanently disable Tenable Nessus if the installation was canceled in a custom (non-default) directory with overly-broad permissions. All versions of Tenable Nessus on Windows

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.