
Tenable
Vulnerability management and exposure analytics company; published analysis of CVE-2026-9082 in Drupal including Imperva exploitation telemetry.
Last refreshed: 29 May 2026 · Appears in 1 active topic
How did Tenable's Drupal CVE-2026-9082 analysis influence the CISA patch deadline?
Timeline for Tenable
Mentioned in: A quiet KEV fortnight, then a 2008 bug
Cybersecurity: Threats and DefencesMentioned in: Arista refuses to patch KEV flaw
Cybersecurity: Threats and DefencesDrupal SQL flaw hits PostgreSQL sites
Cybersecurity: Threats and DefencesWhat is Tenable and what does Nessus do?
What did Tenable find about the Drupal SQL injection CVE-2026-9082?
Is Tenable publicly traded?
Background
Tenable drew attention in May 2026 when its research team published detailed analysis of CVE-2026-9082, a Highly Critical SQL injection in Drupal's database-abstraction layer rated 23/25 (CVSS 6.5). The flaw affected PostgreSQL-backed Drupal installations and attracted more than 15,000 exploitation attempts against roughly 6,000 sites across 65 countries within 48 hours of public disclosure. Tenable's analysis contributed to the rapid CISA KEV listing on 22 May 2026.
Founded in 2002 and headquartered in Columbia, Maryland, Tenable is best known for Nessus, the world's most widely deployed vulnerability scanner, used by security teams to identify and prioritise exposed assets. The company floated on Nasdaq in 2018 under the ticker TENB. Its product range also includes Tenable.io (cloud-based VM), Tenable.sc (on-premises), Tenable OT Security (operational technology), and Tenable One, an exposure-management platform launched in 2022. Tenable claims more than 44,000 customers worldwide.
Tenable occupies a central position in the commercial vulnerability-disclosure ecosystem. Its research underpins CVSS scoring disputes and CISA prioritisation decisions; when Tenable flags a flaw as critical, that assessment feeds into federal patch deadlines. The company's OT Security product line gives it standing in critical-infrastructure cyber debates alongside ICS-CERT and ENISA.