CVE-2026-13007
Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.
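The caching weakness described above can be checked from the defender's side by inspecting the headers an endpoint returns. The following is an added example, not Tenable's code or part of this record: it parses `Cache-Control` and `Vary` and reports whether a shared cache (reverse proxy, CDN) would be allowed to store the response and replay one copy to every client. The header sets at the bottom are constructed to mirror the weak and the hardened configuration.

```python
# Added example (not Tenable's code): a defender-side check for the
# "Cache-Control: public" without "Vary: Cookie" weakness on a response
# that carries sensitive configuration data.
from typing import Dict, List


def _directives(cache_control: str) -> Dict[str, str]:
    """Parse 'public, max-age=60' into {'public': '', 'max-age': '60'}."""
    out: Dict[str, str] = {}
    for part in cache_control.split(","):
        part = part.strip().lower()
        if part:
            name, _, value = part.partition("=")
            out[name.strip()] = value.strip().strip('"')
    return out


def cache_findings(headers: Dict[str, str]) -> List[str]:
    """Findings for a response that must never be shared between clients.

    Returns an empty list when shared caches are told not to store or
    reuse the response. Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = _directives(h.get("cache-control", ""))
    vary = {v.strip().lower() for v in h.get("vary", "").split(",") if v.strip()}
    if "no-store" in cc:
        return []  # no-store: no cache, shared or private, may keep the response
    findings: List[str] = []
    if "public" in cc:
        findings.append("Cache-Control: public allows shared caches to store the response")
    if "private" not in cc:
        findings.append("no Cache-Control: private or no-store; shared caches may store it")
    if "cookie" not in vary and "authorization" not in vary:
        findings.append("no Vary: Cookie/Authorization; one cached copy serves every client")
    return findings


# Constructed header sets: the weak configuration and a hardened one.
WEAK_HEADERS = {"Cache-Control": "public, max-age=3600", "Content-Type": "application/json"}
HARDENED_HEADERS = {"Cache-Control": "no-store, private", "Vary": "Cookie",
                    "Content-Type": "application/json"}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, cache_findings(hdrs) or ["ok"])
```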
| Field | Value |
| --- | --- |
| CWE | CWE-306, CWE-524 |
| Vendor | tenable |
| Product | tenable identity exposure |
| Published | Jun 23, 2026 |
| Last Updated | Jun 23, 2026 |
CVSS v3 Breakdown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Metric | Value |
| --- | --- |
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | High (C:H) |
| Integrity | None (I:N) |
| Availability | None (A:N) |
Affected Versions

tenable / Tenable Identity Exposure: all versions below 3.93.5 (0 <= version < 3.93.5)
References
Credits
Cobalt (Tenable-commissioned penetration test)