Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.tenable.com/security/research/tns-2026-16 |
|
History
Wed, 24 Jun 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tenable
Tenable identity Exposure |
|
| Vendors & Products |
Tenable
Tenable identity Exposure |
Tue, 23 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 23 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied. | |
| Title | Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure | |
| Weaknesses | CWE-306 CWE-524 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: tenable
Published: 2026-06-23T15:59:50.522Z
Updated: 2026-06-23T17:48:03.138Z
Reserved: 2026-06-23T14:57:21.550Z
Link: CVE-2026-13007
Updated: 2026-06-23T17:47:50.534Z
No data.
No data.