OrganisationUS

Tenable

Vulnerability management and exposure analytics company; published analysis of CVE-2026-9082 in Drupal including Imperva exploitation telemetry.

Last refreshed: 29 May 2026 · Appears in 1 active topic

Key Question

How did Tenable's Drupal CVE-2026-9082 analysis influence the CISA patch deadline?

Timeline for Tenable

#522 May

Drupal SQL flaw hits PostgreSQL sites

Cybersecurity: Threats and Defences

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

What is Tenable and what does Nessus do?: Tenable is a US cybersecurity company founded in 2002. Its Nessus scanner is the most widely deployed vulnerability assessment tool in the world, used to identify exposed systems and prioritise patching.Source: Tenable corporate
What did Tenable find about the Drupal SQL injection CVE-2026-9082?: Tenable published analysis of CVE-2026-9082, a Highly Critical SQL injection in Drupal's database layer rated 23/25. Exploitation began within 48 hours, hitting over 15,000 attack attempts against 6,000 sites globally.Source: Tenable research
Is Tenable publicly traded?: Yes. Tenable listed on Nasdaq in 2018 under the ticker TENB and remains publicly traded.Source: Nasdaq
Does Tenable cover industrial control systems security?: Yes. Tenable OT Security (formerly Tenable.ot) covers operational technology and ICS environments, extending its vulnerability management platform to critical infrastructure.Source: Tenable corporate

Background

Tenable drew attention in May 2026 when its research team published detailed analysis of CVE-2026-9082, a Highly Critical SQL injection in Drupal's database-abstraction layer rated 23/25 (CVSS 6.5). The flaw affected PostgreSQL-backed Drupal installations and attracted more than 15,000 exploitation attempts against roughly 6,000 sites across 65 countries within 48 hours of public disclosure. Tenable's analysis contributed to the rapid CISA KEV listing on 22 May 2026.

Founded in 2002 and headquartered in Columbia, Maryland, Tenable is best known for Nessus, the world's most widely deployed vulnerability scanner, used by security teams to identify and prioritise exposed assets. The company floated on Nasdaq in 2018 under the ticker TENB. Its product range also includes Tenable.io (cloud-based VM), Tenable.sc (on-premises), Tenable OT Security (operational technology), and Tenable One, an exposure-management platform launched in 2022. Tenable claims more than 44,000 customers worldwide.

Tenable occupies a central position in the commercial vulnerability-disclosure ecosystem. Its research underpins CVSS scoring disputes and CISA prioritisation decisions; when Tenable flags a flaw as critical, that assessment feeds into federal patch deadlines. The company's OT Security product line gives it standing in critical-infrastructure cyber debates alongside ICS-CERT and ENISA.

Source Material

Tenable, Inc. – Wikipedia Tenable official website

How the World Sees Them

United States

Tenable research directly informs CISA KEV listings and federal patch deadlines; its Nessus scanner is standard tooling across US government agencies subject to FISMA.

European Union

ENISA and EU member-state CERTs rely on Tenable vulnerability data; the company maintains EU data-residency options for GDPR-sensitive enterprise customers.

United Kingdom

NCSC references Nessus scan data in its vulnerability-disclosure guidance; UK government departments use Tenable.sc under CLAS-accredited security frameworks.