Tenable Security Center 2026 Release Notes
These release notes are listed in reverse chronological order.
Tenable Security Center Patch 202602.3 (2026-02-26)
Apply this patch to Tenable Security Center installations running Tenable Security Center 6.7.2 and 6.6.0 on CentOS 9. This patch fixes a feed update issue.
Note: Tenable Security Center requires at least 8GB of RAM on the host operating system to function.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Access the command line as a user with root-level permissions.
- Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Run the following command to begin the installation:
  sh ./install.sh
  The installation begins and Tenable Security Center stops.
- After the installation finishes, you must restart Tenable Security Center.

What to do next:
- (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

- install.sh
- FeedUpdateTool.php
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
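Because install.sh runs with root-level permissions, it is worth checking the downloaded archive against the SHA-256 published on the Downloads page, and inspecting its member list, before the tar zxf step. The script below is an added example, not part of Tenable's documentation or tooling; the function names are hypothetical, and the expected checksum and required file names are supplied by the operator from the Downloads page and the file list for the patch.

```shell
#!/bin/sh
# Added example (not Tenable code): pre-extraction checks for a patch archive.
# Usage: sh verify_patch.sh <patch.tgz> <sha256-from-Downloads-page> <required-file>...
# e.g.   sh verify_patch.sh [patch file name] [sha256] install.sh FeedUpdateTool.php

# Print the lowercase hex SHA-256 of a file (sha256sum on RHEL/Oracle Linux/CentOS,
# shasum as a fallback on systems without coreutils).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Read a member listing on stdin; succeed only if no path is absolute
# and no path contains a ".." component (either could write outside the
# extraction directory).
member_paths_safe() {
    awk '
        /^\// { bad = 1 }
        { n = split($0, part, "/"); for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1 }
        END { exit bad + 0 }'
}

# has_required_files <listing> <name>...
# Succeed only if every name is the last path component of some member.
has_required_files() {
    listing=$1; shift
    for name in "$@"; do
        printf '%s\n' "$listing" |
            awk -F/ -v want="$name" '$NF == want { found = 1 } END { exit !found }' || {
                echo "missing from archive: $name" >&2
                return 1
            }
    done
}

# verify_patch <archive> <expected-sha256> <required-file>...
# Returns 0 only when the checksum matches, all member paths are safe,
# and every required file is present. Nothing is extracted.
verify_patch() {
    archive=$1; expected=$2; shift 2
    [ -f "$archive" ] || { echo "no such file: $archive" >&2; return 2; }

    actual=$(sha256_of "$archive")
    want=$(printf '%s' "$expected" | tr 'A-F' 'a-f')   # accept upper-case hex
    if [ "$actual" != "$want" ]; then
        echo "SHA-256 mismatch: got $actual" >&2
        return 1
    fi

    listing=$(tar tzf "$archive") || { echo "cannot read archive" >&2; return 1; }
    printf '%s\n' "$listing" | member_paths_safe ||
        { echo "unsafe member path in archive" >&2; return 1; }
    has_required_files "$listing" "$@" || return 1

    echo "OK: $archive"
}

# Run the check when invoked with arguments; defining the functions alone does nothing.
if [ "$#" -ge 2 ]; then
    verify_patch "$@"
fi
```

Run it as the same user who will run install.sh, and continue to the extraction step only when it prints OK.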
Tenable Security Center 6.8.0 Release Notes (2026-2-18)
You can download the update files from the Tenable Security Center Downloads page.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Caution: Tenable Security Center 6.8.0 uses an updated SSH library. When you update to Tenable Security Center 6.8.0 or later, you must add an ed25519 key for authorization to successfully sync remote repositories. This new requirement ensures that data transmission is secured using the latest cryptographic standards. If you do not add the new key, the synchronization of your remote repositories will fail.
Note: If you cannot authenticate to Tenable Security Center after the upgrade and see the error Provided key is too short in the logs, contact Tenable Support. This issue will be addressed in a future release.
Note: If you enable Federal Information Processing Standards (FIPS 140-2) on your operating system (Oracle 8, RHEL 8), the upgrade might fail when the system generates new keys. Run the following command before you attempt the upgrade:
touch /opt/sc/.ssh/id_ed25519
For Tenable Core, log in to the shell and run the same command.
Compatibility and Requirements
- Version Support: Tenable Security Center 6.8.0 supports direct upgrades from version 6.4.0 and later. If your upgrade skips versions (for example, 6.6.0 to 6.8.0), review the release notes for all skipped versions to identify necessary configuration updates.
- Hardware: Tenable Security Center has updated hardware specifications as of version 6.7.0. While the upgrade does not block systems that fall below these specs, performance may degrade. Tenable Support may require hardware upgrades to resolve support cases.
  For more information, see Hardware Requirements in the Tenable Security Center Director User Guide.
- Deprecations:
  - Kubernetes: Support ended in version 6.6.0. Migrate to Tenable Enclave Security.
  - Web App Scanning using Tenable Nessus: Deprecated in version 6.7.0. Move to Tenable Core or Docker-based scanners.
Pre-Upgrade Preparation
- Backups: Perform a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.
- External PostgreSQL:
  - If you have an external PostgreSQL database, it must be running and reachable before you upgrade to Tenable Security Center. Failure to do so will result in a failed upgrade of Tenable Security Center, even if the upgrade appears to succeed. If this occurs, you can restore the database with a preexisting backup file. Otherwise, you will need to contact your customer support representative to resolve the issue.
  - If you want to run a VACUUM operation in an external PostgreSQL, you must have super user or table owner permissions.
- Tenable Nessus Plugins: Verify that your Tenable Nessus plugins have been updated within the last 30 days.
During Upgrade
Note: During deployment or upgrade, you may see a single-line error message regarding an error installing a custom Certificate Authority (CA). This is an issue that does not affect functionality. The installation will continue successfully, with no functional impact. This issue will be addressed in a future release.
- Upgrade Duration: Upgrades from version 6.6.x or earlier with large datasets may take several hours.
- Tenable Security Center Director: If you upgrade Tenable Security Center Director, upgrade all managed instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.
- Tiered Setups: When you upgrade to Tenable Security Center 6.8.0 with a tiered setup using remote or offline universal repositories, follow these steps:
  - In the parent Tenable Security Center console, change the update frequency of each remote repository to Never.
    Note: Record the existing frequency (the default is Daily) before you change it.
  - Upgrade the child and parent Tenable Security Center consoles that synchronize repositories to version 6.8.0.
  - From the parent Tenable Security Center console, initiate a synchronization of the repositories.
    Caution: The initial repository synchronization after you upgrade to 6.8.0 requires re-authentication. You must provide administrator login credentials or perform a manual key exchange.
  - Verify the synchronization completes successfully and ensure the parent console displays the updated data.
  - In the parent Tenable Security Center console, change the update frequency of each remote repository back to your previous setting (for example, Daily).
  For more information, see the Knowledge Base article.
- Offline Universal Repositories: Tenable Security Center 6.7.0 fixed an issue where DNS assets were broken for offline universal repositories, because you could not enter the IP range when adding the repository. When you upgrade to Tenable Security Center 6.8.0 from 6.6.x or earlier, the IP range for the offline universal repository is not automatically set. You must manually edit the offline repository and enter the IP range to use DNS assets.
Post-Upgrade and Maintenance
- Search and Vulnerability Intelligence: The feed update must complete successfully to enable Search and Vulnerability Intelligence. After you install Tenable Security Center 6.8.0, verify the status of the feed update. If you cannot confirm that an automatic update occurred, manually trigger a feed update.
- Remote Repository Sync:
  - Enabling FIPS 140-2 on Oracle 8, RHEL 8, or Tenable Core requires re-authentication of Remote Repository Syncs.
    - Download the RSA key from the Tenable Security Center host console: cat /opt/sc/.ssh/id_rsa.pub
    - Upload the key to each remote Tenable Security Center. See Add a Key in the Tenable Security Center User Guide.
    - Navigate to at least one remote repository per remote Tenable Security Center to re-authenticate. See Remote Repositories in the Tenable Security Center User Guide.
  - After you upgrade Tenable Security Center Director, you will need to sync existing remote repositories (either manually or via a scheduled sync) before you can browse vulnerability data from newly synced scan results.
    For more information, see Scan Results in the Tenable Security Center Director User Guide.
- API/Tooling: If you use pyTenable with the Tenable Security Center API, upgrade pyTenable to version 1.4.2 or later.
Asset Repositories
When you upgrade to Tenable Security Center 6.8.0, all IPv4, IPv6, Agent, and Universal repositories become Asset repositories. This change consolidates the functionality of previous repository types into a single type. You can now target any data—including agent, network scan, and passive data—into any repository.
See Plugin Mitigation Logic Enhancements in the Changed Functionality and Performance Enhancements for additional information.
Note: This change does not affect Mobile repositories for Mobile Device Management (MDM) data.
Explore Assets Additions
The Explore Assets page includes new Group By options:
- Microsoft ID
- Network
- System Type
- Asset Criticality Rating (ACR) (Available in Tenable Security Center+)

Other enhancements to the Explore Assets page include:
- You can edit Asset Criticality Rating (ACR) scores directly in the Explore interface. This feature is available in Tenable Security Center+.
- You can export findings and installed software for specific assets to a comma-separated values (CSV) file.
Scan Per-Host Timeout
In advanced scan policies, you can configure a timeout for each host to prevent a single host from increasing the overall scan time.
VPR Enhancements
The updated Tenable Vulnerability Priority Rating (VPR) is available in the Vulnerability Intelligence and CVE Search sections of Tenable Security Center.
These updates provide the following functionality:
- Refined Risk Calculation: While the Common Vulnerability Scoring System (CVSS) classifies approximately 60% of Common Vulnerabilities and Exposures (CVE) as High or Critical, our original VPR reduced this to 3%. The enhanced VPR further refines this, helping your teams focus on just 1.6% of vulnerabilities that represent actual risk to your business by leveraging an even broader spectrum of threat intelligence and real-time data input used to predict near-term exploitation.
- AI-Driven Insights: Large Language Model (LLM) insights provide information on why an exposure is significant, how threat actors weaponize the exposure, and guidance for mitigation. For more information, see Vulnerability Intelligence in the Tenable Security Center User Guide.
- Industry and Regional Context: New metadata identifies if threat actors are targeting a vulnerability within a specific industry or geographic region.
The original VPR and the enhanced VPR (Beta) scores coexist in Tenable Security Center. Tenable will provide advance notice before the original VPR is deprecated.
See the FAQ and whitepaper for additional information.
Explore Assets Performance Enhancements
Tenable improved the performance of the Explore Assets page. You can now leave the page while Tenable Security Center processes long-running queries. The query completes in the background. If you re-run the filter within 30 minutes, the results are available immediately.
Additionally, Tenable Security Center now uses caching for several datasets to improve performance.
Postgres Password Encryption for External Databases
Tenable Security Center supports at-rest encryption for External PostgreSQL connection configurations.
For more information, see External PostgreSQL with Tenable Security Center in the Tenable Security Center User Guide.
Privileged Access Management Integrations
- The Delinea Secret Server auto-discovery feature removes the requirement to manually add specific targets to a scan. For more information on support and configuration, see the Delinea Integration Guide.
- The Delinea integration includes a new API authentication method called Delinea Authentication Method, which allows you to use an API key. Tenable also removed the Checkout Duration field because the integration did not use it.
- BeyondTrust Password Safe and Delinea integrations now support retrieval of database credentials from the safe.
- The CyberArk Vault integration includes new options for querying credentials. You can retrieve login credentials with advanced parameters by selecting Get credential by > Parameters, or you can configure a single credential to fetch each password separately by username. A Get Escalation Credential By option is available for escalation credentials. The Escalation Account Name field is no longer required.
| Defect ID | Bug Fix |
|---|---|
| 01683034 | Fixed an issue where scans failed to execute if they were associated with deprecated audit files, ensuring continuous scan operations. |
| 02134273 | Updated the analysis endpoint API documentation to correctly reflect deprecated query ID versions, improving clarity for developers using the Tenable Security Center API. |
| 02155054 | Resolved an issue where SMTP configurations returned errors despite having valid settings, ensuring reliable email notification delivery. |
| 02158649 | Improved asset identification by using device types from plugins when ACR does not detect a system type, ensuring the "General Purpose" status updates correctly in Host Assets. |
| 02183280 | Fixed a filtering issue that prevented certain audit file checks from appearing in dashboard components, improving the accuracy of CIS control reporting. |
| 02210079 | Resolved a PostgreSQL error related to index row size limits in Tenable Security Center 6.5.1, improving database stability and performance. |
| 02224527 | Fixed an issue where disabling specific plugins in an agent scan policy resulted in incorrect plugin counts and unexpected scan results, ensuring policies are enforced accurately. |
| 02226497 | Resolved an issue in Vulnerability Intelligence where searching by CVE ID failed to display affected assets, restoring visibility into specific vulnerabilities. |
| 02243738 | Fixed a bug that prevented the deletion of specific user accounts after they were moved between groups, streamlining user management. |
| 02261416, 02281157, 02311196, 02342406, 02345555 | Resolved an import error (code #255) that occurred when processing large scan results in Tenable Security Center 6.6, ensuring successful data ingestion for high-volume scans. |
| 02263327 | Addressed a permission vulnerability where unprivileged users could export CSV reports containing user lists, strengthening organizational data security. |
| 02288287 | Fixed a frequent JavaScript type error in Tenable Security Center 6.5.1 that impacted user interface stability. |
| 02289644, 02357581 | Resolved an issue where running discovery and vulnerability scans against the same hosts created duplicate IP entries in the Universal Repository, ensuring cleaner asset data. |
| 02298002 | Fixed a bug in advanced agent scan policies where filtering plugins by "VPR = NONE" triggered an error, allowing for more precise scan configurations. |
| 02300062, 02341628, 02346929, 02317723 | Resolved an issue causing agent scans to fail with a '404' error, ensuring consistent communication between agents and the console. |
| 02300192 | Fixed an issue in Vulnerability Intelligence where irrelevant plugins were incorrectly associated with specific CVEs, improving the accuracy of vulnerability data. |
| 02312776, 02321459 | Improved agent scan remediation logic to ensure dependent plugins are correctly mitigated in Tenable Security Center when software is uninstalled. |
| 02315148 | Resolved a PHP error in GroupLib.php that caused excessively large error logs, reducing unnecessary disk space consumption. |
| 02324859, 02372515, 02381015, 02383992, 02378255, 02393908, 02398497, 02400214, 02402449, 02405896, 02413903, 02370468, 02409870, 02417581 | Fixed an issue preventing successful feed updates on CentOS Stream 9 for Tenable Security Center 6.6.0, ensuring users receive the latest vulnerability definitions. |
| 02330615 | Optimized database logging to prevent excessive IO traffic and the generation of massive log files, improving system performance and storage efficiency. |
| 02346421, 02348865, 02351080, 02373640, 02372397, 02381214, 02385989, 02385875, 02383010, 02388580, 02391203, 02395661, 02397073, 02374457, 02401052, 02418124 | Resolved an issue where users were automatically logged out when accessing the Explore Assets menu after an upgrade to Tenable Security Center 6.7. |
| 02352990, 02406324 | Fixed a bug that prevented users from modifying CyberArk credentials in Tenable Security Center, ensuring credentialed scans can be maintained. |
| 02361808 | Resolved a backend timeout issue that caused policy creation to fail and result in broken policy icons, ensuring reliable scan configuration. |
| 02367457 | Fixed a database synchronization issue following upgrades to Tenable Security Center 6.7.1 that caused job queue failures and notification errors. |
| 02367672 | Resolved a critical licensing error that prevented users from applying valid Tenable Nessus activation codes, ensuring uninterrupted product access. |
| 02372395 | Fixed an issue where saving SSH CyberArk Vault credentials would overwrite the escalation account name with "SET," preventing scan failures due to credential corruption. |
| 02376239 | Corrected a discrepancy between Vulnerability Intelligence and Vulnerability Analysis views to accurately reflect the mitigated status of assets for specific CVEs. |
| 02383778 | Updated the software parsing logic for Alma Linux 9.1 to ensure installed software is correctly displayed in the Host Assets view. |
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
The following table lists the Tenable product versions tested with Tenable Security Center 6.8.0.
| Product | Tested Version |
|---|---|
| Tenable Nessus | 10.8.0 and later |
| OT Security | 3.19.0 and later |
| Tenable Network Monitor | 6.5.0 and later |
For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.
Tenable Security Center Patch 202602.2 (2026-02-17)
Apply this patch to Tenable Security Center installations running the following:
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Oracle Linux 8 or later.
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Red Hat Enterprise Linux 8 or later.
- Tenable Security Center 6.7.5 on Tenable Enclave Security.
This patch fixes an OS command injection vulnerability.
Note: Tenable Security Center requires at least 8GB of RAM on the host operating system to function.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Access the command line as a user with root-level permissions.
- Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Run the following command to begin the installation:
  sh ./install.sh
  The installation begins and Tenable Security Center stops.
- After the installation finishes, you must restart Tenable Security Center.

What to do next:
- (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

Apply the patch to a Tenable Security Center running on Tenable Enclave Security:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Copy the patch file to the Tenable Security Center pod of your namespace, where [patch file name] is the name of the .tgz patch file you downloaded:
  kubectl cp [patch file name] [namespace]/[sc-pod]:[patch file name]
- Log in to the Tenable Enclave Security runtime container with the following command:
  kubectl exec -it tenable-security-center-0 -n [namespace] -- /bin/sh
- Run the following command to untar the patch file:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Stop the Tenable Security Center service with the following command:
  /scbase/SC.sh stop
- Run the following command to begin the installation:
  sh ./install.sh
- Start Tenable Security Center with the following command:
  /scbase/SC.sh start
- After the installation finishes, Tenable Security Center automatically restarts. You may be logged out of the Tenable Security Center pod after you apply the patch.

- install.sh
- Utility.php
- VulnLib.php
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Security Center Patch 202602.1 (2026-02-17)
Apply this patch to Tenable Security Center installations running the following versions:
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Oracle Linux 8 or later.
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Red Hat Enterprise Linux 8 or later.
- Tenable Security Center 6.7.5 on Tenable Enclave Security.
This patch updates the following:
- Apache to version 2.4.66
- libCurl to version 8.18
- PHP to version 8.2.30
Note: Tenable Security Center requires at least 8GB of RAM on the host operating system to function.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Access the command line as a user with root-level permissions.
- Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Run the following command to begin the installation:
  sh ./install.sh
  The installation begins and Tenable Security Center stops.
- After the installation finishes, you must restart Tenable Security Center.

What to do next:
- (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

Apply the patch to a Tenable Security Center running on Tenable Enclave Security:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Copy the patch file to the Tenable Security Center pod of your namespace, where [patch file name] is the name of the .tgz patch file you downloaded:
  kubectl cp [patch file name] [namespace]/[sc-pod]:[patch file name]
- Log in to the Tenable Enclave Security runtime container with the following command:
  kubectl exec -it tenable-security-center-0 -n [namespace] -- /bin/sh
- Run the following command to untar the patch file:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Stop the Tenable Security Center service with the following command:
  /scbase/SC.sh stop
- Run the following command to begin the installation:
  sh ./install.sh
- Start Tenable Security Center with the following command:
  /scbase/SC.sh start
- After the installation finishes, Tenable Security Center automatically restarts. You may be logged out of the Tenable Security Center pod after you apply the patch.

- install.sh
- httpd
- php
- apr.exp
- aprutil.exp
- libapr-1.a
- libapr-1.la
- libapr-1.so.0.7.5
- libaprutil-1.a
- libaprutil-1.la
- libaprutil-1.so.0.6.3
- libcrypto.a
- libcrypto.so
- libcrypto.so.3
- libcurl.a
- libcurl.la
- libcurl.so.4.8.0
- libssl.so
- libssl.so.3
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Security Center Patch 202601.1 (2026-01-06)
Apply this patch to Tenable Security Center installations running the following versions:
- Tenable Security Center 6.7.x, 6.6.0, and 6.5.1 on Oracle Linux 8 or later.
- Tenable Security Center 6.7.x, 6.6.0, and 6.5.1 on Red Hat Enterprise Linux 8 or later.
- Tenable Security Center 6.7.x, 6.6.0, and 6.5.1 on Tenable Core.
- Tenable Security Center 6.7.x and 6.6.x on Tenable Enclave Security.
This patch updates the PHP configuration to increase the memory_limit to 4GB. This change prevents potential 255 error status failures during Tenable Security Center feed updates caused by PHP memory exhaustion.
Note: If you are running a Tenable Security Center version earlier than 6.5.1, you must upgrade to a supported version before applying this patch, or manually update your configuration.
Note: Tenable Security Center requires at least 8GB of RAM on the host operating system to function.
Caution: If you do not apply this patch or manually update the configuration, Tenable Security Center feed updates fail. This failure prevents updates to the following elements:
- Asset List Templates
- Report Templates
- Dashboard Templates
- Audit File Templates
- Vulnerability Intelligence and CVE Search data
Failure to process feeds also increases disk space usage on Tenable Security Center.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Access the command line as a user with root-level permissions.
- Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Run the following command to begin the installation:
  sh ./install.sh
  The installation begins and Tenable Security Center stops.
- After the installation finishes, you must restart Tenable Security Center.

What to do next:
- (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

Apply the patch to a Tenable Security Center running on Tenable Enclave Security:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Copy the patch file to the Tenable Security Center pod of your namespace, where [patch file name] is the name of the .tgz patch file you downloaded:
  kubectl cp [patch file name] [namespace]/[sc-pod]:[patch file name]
- Log in to the Tenable Enclave Security runtime container with the following command:
  kubectl exec -it tenable-security-center-0 -n [namespace] -- /bin/sh
- Run the following command to untar the patch file:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Stop the Tenable Security Center service with the following command:
  /scbase/SC.sh stop
- Run the following command to begin the installation:
  sh ./install.sh
- Start Tenable Security Center with the following command:
  /scbase/SC.sh start
- After the installation finishes, Tenable Security Center automatically restarts. You may be logged out of the Tenable Security Center pod after you apply the patch.

- install.sh
- updateMemoryLimits.sh
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.