Tenable Security Center 2026 Release Notes
These release notes are listed in reverse chronological order.
Tenable Security Center 6.8.0 Release Notes (2026-2-18)
You can download the update files from the Tenable Security Center Downloads page.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Note: To ensure that the Search and Vulnerability Intelligence features function correctly after you upgrade, the feed update must complete successfully at least once. After you install Tenable Security Center 6.8.0, verify the status of the feed update. If you cannot confirm that an automatic update occurred, manually trigger a feed update.
Note: During deployment or upgrade, you may encounter a single-line error message regarding an error installing a custom Certificate Authority (CA). This is an issue that does not affect functionality. The installation will continue successfully, with no functional impact. This issue will be addressed in a future release.
Note: The recommended hardware specifications for Security Center have been updated as of 6.7.0. Systems that do not meet the required specifications are not blocked from upgrading and may continue to have acceptable performance; however, this depends on a variety of factors. Tenable Support may recommend additional hardware resources or configuration changes during the debugging process for support cases.
For more information, see Hardware Requirements in the Tenable Security Center Director User Guide.
- Tenable Security Center 6.8.0 supports direct upgrades from 6.4.0 and later on the same operating system.
- Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.
- When you upgrade to Tenable Security Center 6.8.0, verify that your Nessus plugins have been updated within the last 30 days.
- If you upgrade Tenable Security Center Director, upgrade all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.
- If you are running an external PostgreSQL database, it must be running and reachable before you upgrade to Tenable Security Center 6.8.0. Failure to do so will result in a failed upgrade of Tenable Security Center, even if the upgrade appears to succeed. If this occurs, you can restore the database with a preexisting backup file. Otherwise, you will need to contact your customer support representative to resolve the issue.
- Tenable Security Center 6.6.0 was the last release to support deployment on Kubernetes. If you upgrade to 6.8.0 from 6.6.0, you will need to migrate to Tenable Enclave Security, which is the current Kubernetes-based deployment.
- Web App Scanning using Tenable Nessus was deprecated in Tenable Security Center 6.7.0. You should move web application scanners to Tenable Core or Docker-based scanners.
- When you upgrade to Tenable Security Center 6.8.0 with a tiered setup using remote or offline universal repositories, use the following steps:
  - Upgrade the child Tenable Security Center console that has the source repository to Tenable Security Center 6.8.0.
  - Sync the remote repository.
  - After the sync completes, upgrade the parent Tenable Security Center console to version 6.8.0.
  For more information, see the Knowledge Base article.
- After you upgrade to Tenable Security Center Director 6.8.0, you will need to sync existing remote repositories (either manually or via a scheduled sync) before you can browse vulnerability data from newly synced scan results.
  For more information, see Scan Results in the Tenable Security Center Director User Guide.
- Tenable Security Center 6.7.0 fixed an issue where DNS assets were broken for offline universal repositories, because you could not enter the IP range when adding the repository. When you upgrade to Tenable Security Center 6.8.0 from 6.6.x or earlier, the IP range for the offline universal repository is not automatically set. You must manually edit the offline repository and enter the IP range to use DNS assets.
- If you want to run a VACUUM operation in an external PostgreSQL database, you must have superuser or table owner permissions.
- If you upgrade to Tenable Security Center 6.8.0 from 6.6.x or earlier and you have large amounts of data, the upgrade may take several hours.
- If you are running Tenable Security Center 6.8.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.
- If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 6.6.0 to 6.8.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.
Asset Repositories
When you upgrade to Tenable Security Center 6.8.0, all IPv4, IPv6, Agent, and Universal repositories become Asset repositories. This change consolidates the functionality of previous repository types into a single type. You can now target any data—including agent, network scan, and passive data—into any repository.
For additional information, see Plugin Mitigation Logic Enhancements in the Changed Functionality and Performance Enhancements section.
Note: This change does not affect Mobile repositories for Mobile Device Management (MDM) data.
Explore Assets Additions
The Explore Assets page includes new Group By options:
- Microsoft ID
- Network
- System Type
- Asset Criticality Rating (ACR) (Available in Tenable Security Center+)
Other enhancements to the Explore Assets page include:
- You can edit Asset Criticality Rating (ACR) scores directly in the Explore interface. This feature is available in Tenable Security Center+.
- You can export findings and installed software for specific assets to a comma-separated values (CSV) file.
Scan Per-Host Timeout
In advanced scan policies, you can configure a timeout for each host to prevent a single host from increasing the overall scan time.
VPR Enhancements
The updated Tenable Vulnerability Priority Rating (VPR) is available in the Vulnerability Intelligence and CVE Search sections of Tenable Security Center.
These updates provide the following functionality:
- Refined Risk Calculation: While the Common Vulnerability Scoring System (CVSS) classifies approximately 60% of Common Vulnerabilities and Exposures (CVE) as High or Critical, our original VPR reduced this to 3%. The enhanced VPR further refines this, helping your teams focus on just 1.6% of vulnerabilities that represent actual risk to your business by leveraging an even broader spectrum of threat intelligence and real-time data input used to predict near-term exploitation.
- AI-Driven Insights: Large Language Model (LLM) insights provide information on why an exposure is significant, how threat actors weaponize the exposure, and guidance for mitigation. For more information, see Vulnerability Intelligence in the Tenable Security Center User Guide.
- Industry and Regional Context: New metadata identifies if threat actors are targeting a vulnerability within a specific industry or geographic region.
The original VPR and the enhanced VPR (Beta) scores coexist in Tenable Security Center. Tenable will provide advance notice before the original VPR is deprecated.
See the FAQ and whitepaper for additional information.
Explore Assets Performance Enhancements
Tenable improved the performance of the Explore Assets page. You can now leave the page while Tenable Security Center processes long-running queries. The query completes in the background. If you re-run the filter within 30 minutes, the results are available immediately.
Additionally, Tenable Security Center now uses caching for several datasets to improve performance.
Plugin Mitigation Logic Enhancements
Tenable Security Center 6.5.0 improvements for tracking Thorough Tests, Scan Accuracy, and Tenable Nessus Web Tests are now available for Asset repositories. This update enables you to track these attributes for all Tenable Nessus data in Tenable Security Center.
Postgres Password Encryption for External Databases
Tenable Security Center supports at-rest encryption for External PostgreSQL connection configurations.
For more information, see External PostgreSQL with Tenable Security Center in the Tenable Security Center User Guide.
Privileged Access Management Integrations
- The Delinea Secret Server auto-discovery feature removes the requirement to manually add specific targets to a scan. For more information on support and configuration, see the Delinea Integration Guide.
- The Delinea integration includes a new API authentication method called Delinea Authentication Method, which allows you to use an API key. Tenable also removed the Checkout Duration field because the integration did not use it.
- BeyondTrust Password Safe and Delinea integrations now support retrieval of database credentials from the safe.
- The CyberArk Vault integration includes new options for querying credentials. You can retrieve login credentials with advanced parameters by selecting Get credential by > Parameters, or you can configure a single credential to fetch each password separately by username. A Get Escalation Credential By option is available for escalation credentials. The Escalation Account Name field is no longer required.
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
The following table lists the Tenable product versions tested with Tenable Security Center 6.7.2.
| Product | Tested Version |
|---|---|
| Tenable Nessus | 10.5.0 and later |
| OT Security | 3.16.0 and later |
| Tenable Network Monitor | 6.2.0 and later |
For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.
Tenable Security Center Patch 202602.2 (2026-02-17)
Apply this patch to Tenable Security Center installations running the following:
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Oracle Linux 8 or later.
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Red Hat Enterprise Linux 8 or later.
- Tenable Security Center 6.7.5 on Tenable Enclave Security.
This patch fixes an OS command injection vulnerability.
Note: Tenable Security Center requires at least 8GB of RAM on the host operating system to function.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Access the command line as a user with root-level permissions.
- Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Run the following command to begin the installation:
  sh ./install.sh
  The installation begins and Tenable Security Center stops.
- After the installation finishes, you must restart Tenable Security Center.
What to do next:
- (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.
Apply the patch to a Tenable Security Center running on Tenable Enclave Security:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Copy the patch file to the Tenable Security Center pod of your namespace, where [patch file name] is the name of the .tgz patch file you downloaded:
  kubectl cp [patch file name] [namespace]/[sc-pod]:[patch file name]
- Log in to the Tenable Enclave Security runtime container with the following command:
  kubectl exec -it tenable-security-center-0 -n [namespace] -- /bin/sh
- Run the following command to untar the patch file:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Stop the Tenable Security Center service with the following command:
  /scbase/SC.sh stop
- Run the following command to begin the installation:
  sh ./install.sh
- Start Tenable Security Center with the following command:
  /scbase/SC.sh start
- After the installation finishes, Tenable Security Center automatically restarts. You may be logged out of the Tenable Security Center pod after you apply the patch.

- install.sh
- Utility.php
- VulnLib.php
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Security Center Patch 202602.1 (2026-02-17)
Apply this patch to Tenable Security Center installations running the following versions:
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Oracle Linux 8 or later.
- Tenable Security Center 6.7.2, 6.6.0, and 6.5.1 on Red Hat Enterprise Linux 8 or later.
- Tenable Security Center 6.7.5 on Tenable Enclave Security.
This patch updates the following:
- Apache to version 2.4.66
- libCurl to version 8.18
- PHP to version 8.2.30
Note: Tenable Security Center requires at least 8GB of RAM on the host operating system to function.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Access the command line as a user with root-level permissions.
- Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Run the following command to begin the installation:
  sh ./install.sh
  The installation begins and Tenable Security Center stops.
- After the installation finishes, you must restart Tenable Security Center.
What to do next:
- (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.
Apply the patch to a Tenable Security Center running on Tenable Enclave Security:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Copy the patch file to the Tenable Security Center pod of your namespace, where [patch file name] is the name of the .tgz patch file you downloaded:
  kubectl cp [patch file name] [namespace]/[sc-pod]:[patch file name]
- Log in to the Tenable Enclave Security runtime container with the following command:
  kubectl exec -it tenable-security-center-0 -n [namespace] -- /bin/sh
- Run the following command to untar the patch file:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Stop the Tenable Security Center service with the following command:
  /scbase/SC.sh stop
- Run the following command to begin the installation:
  sh ./install.sh
- Start Tenable Security Center with the following command:
  /scbase/SC.sh start
- After the installation finishes, Tenable Security Center automatically restarts. You may be logged out of the Tenable Security Center pod after you apply the patch.

- install.sh
- httpd
- php
- apr.exp
- aprutil.exp
- libapr-1.a
- libapr-1.la
- libapr-1.so.0.7.5
- libaprutil-1.a
- libaprutil-1.la
- libaprutil-1.so.0.6.3
- libcrypto.a
- libcrypto.so
- libcrypto.so.3
- libcurl.a
- libcurl.la
- libcurl.so.4.8.0
- libssl.so
- libssl.so.3
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Security Center Patch 202601.1 (2026-01-06)
Apply this patch to Tenable Security Center installations running the following versions:
- Tenable Security Center 6.7.x, 6.6.0, and 6.5.1 on Oracle Linux 8 or later.
- Tenable Security Center 6.7.x, 6.6.0, and 6.5.1 on Red Hat Enterprise Linux 8 or later.
- Tenable Security Center 6.7.x, 6.6.0, and 6.5.1 on Tenable Core.
- Tenable Security Center 6.7.x and 6.6.x on Tenable Enclave Security.
This patch updates the PHP configuration to increase the memory_limit to 4GB. This change prevents potential 255 error status failures during Tenable Security Center feed updates caused by PHP memory exhaustion.
Note: If you are running a Tenable Security Center version earlier than 6.5.1, you must upgrade to a supported version before applying this patch, or manually update your configuration.
Note: Tenable Security Center requires at least 8GB of RAM on the host operating system to function.
Caution: If you do not apply this patch or manually update the configuration, Tenable Security Center feed updates fail. This failure prevents updates to the following elements:
- Asset List Templates
- Report Templates
- Dashboard Templates
- Audit File Templates
- Vulnerability Intelligence and CVE Search data
Failure to process feeds also increases disk space usage on Tenable Security Center.
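One way to confirm the memory_limit setting after applying the patch or editing the configuration by hand, as an added example rather than Tenable's own script. The path of the PHP configuration file is not given in these notes, so it is passed as an argument; the function names are hypothetical, and 4GB is taken to mean 4 GiB.

```shell
#!/bin/sh
# Added example (not Tenable's code): check that a PHP ini file sets
# memory_limit to at least 4 GiB. The ini path is an assumption supplied
# by the caller; these release notes do not state where the file lives.

REQUIRED_BYTES=4294967296   # 4 * 1024^3

# effective_memory_limit INI_FILE
# Prints the value of the last uncommented memory_limit line (a later
# directive overrides an earlier one); prints nothing if it is not set.
effective_memory_limit() {
    sed -n 's/^[[:space:]]*memory_limit[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*$/\1/p' "$1" |
        tail -n 1
}

# php_size_to_bytes VALUE
# Converts PHP shorthand (K, M or G suffix, or plain bytes) to bytes.
# Fails on anything else, e.g. "4GB", which is not valid PHP shorthand.
php_size_to_bytes() {
    num=${1%[KkMmGg]}
    case $num in ''|*[!0-9]*) return 1 ;; esac
    case $1 in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# memory_limit_ok INI_FILE
# Returns 0 if the limit is >= 4 GiB or disabled (-1), 1 if it is lower,
# 2 if the directive is missing or cannot be parsed.
memory_limit_ok() {
    value=$(effective_memory_limit "$1")
    if [ -z "$value" ]; then return 2; fi
    if [ "$value" = "-1" ]; then return 0; fi
    bytes=$(php_size_to_bytes "$value") || return 2
    [ "$bytes" -ge "$REQUIRED_BYTES" ]
}
```

A return status of 1 or 2 means the feed-update failure described in the caution above can still occur with that configuration file.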
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Access the command line as a user with root-level permissions.
- Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Run the following command to begin the installation:
  sh ./install.sh
  The installation begins and Tenable Security Center stops.
- After the installation finishes, you must restart Tenable Security Center.
What to do next:
- (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.
Apply the patch to a Tenable Security Center running on Tenable Enclave Security:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
- Copy the patch file to the Tenable Security Center pod of your namespace, where [patch file name] is the name of the .tgz patch file you downloaded:
  kubectl cp [patch file name] [namespace]/[sc-pod]:[patch file name]
- Log in to the Tenable Enclave Security runtime container with the following command:
  kubectl exec -it tenable-security-center-0 -n [namespace] -- /bin/sh
- Run the following command to untar the patch file:
  tar zxf [patch file name]
- Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
  cd [directory]
- Stop the Tenable Security Center service with the following command:
  /scbase/SC.sh stop
- Run the following command to begin the installation:
  sh ./install.sh
- Start Tenable Security Center with the following command:
  /scbase/SC.sh start
- After the installation finishes, Tenable Security Center automatically restarts. You may be logged out of the Tenable Security Center pod after you apply the patch.

- install.sh
- updateMemoryLimits.sh
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
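Each patch procedure above extracts a downloaded .tgz and runs its install.sh with root-level permissions, and each points to the Downloads page for the published checksums. The following script is an added example, not Tenable's code: it compares the archive's SHA-256 with the published value and inspects the member list before anything is extracted. The function names are hypothetical, sha256sum is assumed to be available on the host, and the expected hash is supplied by the operator from the Downloads page.

```shell
#!/bin/sh
# Added example (not Tenable's code): vet a downloaded patch archive before
# it is extracted and its install.sh is run with root-level permissions.

# sha256_matches FILE EXPECTED_HEX
# Succeeds only if FILE hashes to the value published on the Downloads page.
sha256_matches() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum -- "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# has_unsafe_member
# Reads archive member names on stdin; succeeds if any name is absolute or
# contains a ".." component, i.e. could land outside the extraction directory.
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# check_patch FILE EXPECTED_HEX
# Prints a one-line verdict; returns 0 only if every check passes.
check_patch() {
    if ! sha256_matches "$1" "$2"; then
        echo "REJECT: SHA-256 mismatch or unreadable file"; return 1
    fi
    # List the members without extracting anything.
    if ! members=$(tar tzf "$1" 2>/dev/null); then
        echo "REJECT: not a readable gzip tar archive"; return 1
    fi
    if printf '%s\n' "$members" | has_unsafe_member; then
        echo "REJECT: member path escapes the extraction directory"; return 1
    fi
    if ! printf '%s\n' "$members" | grep -Eq '(^|/)install\.sh$'; then
        echo "REJECT: no install.sh in archive"; return 1
    fi
    echo "OK: checksum and member list verified"
}

# Usage: sh check_patch.sh [patch file name] [published SHA-256]
if [ "$#" -eq 2 ]; then
    check_patch "$1" "$2"
fi
```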