Four Security Firms Patch Serious Flaws in Their Own Products
Tenable, ESET, Tanium, and Trend Micro have all pushed out fixes this month for high- and critical-severity vulnerabilities in tools that businesses rely on to stay secure.

Key points
- Tenable patched a critical flaw, tracked as CVE-2026-15265, in Tenable Agent that could let an attacker run malicious code on a victim's machine remotely.
- ESET fixed a high-severity privilege-escalation bug in ESET Inspect Connector for Windows that could let a local attacker gain administrator-level control.
- Tanium warned customers of a high-severity denial-of-service flaw in Tanium Server that an unauthenticated attacker on the same network could trigger.
- Trend Micro patched a high-severity privilege-escalation vulnerability in Cleaner One Pro for Mac that could let attackers delete protected files.
Four cybersecurity companies pushed out urgent fixes this month for serious vulnerabilities in their own software. The irony is not lost: tools sold specifically to protect businesses needed protecting themselves.
How bad are these flaws, really?
Bad enough that each company urged customers to update immediately. The most severe sits inside Tenable Agent, a piece of software organisations install on computers to scan them for security weaknesses. The flaw, CVE-2026-15265, is what researchers call a path-traversal vulnerability, meaning an attacker can trick the software into accessing files and folders it should never touch. Tenable confirmed that exploitation could lead to remote code execution, which means an attacker could run any commands they like on the affected machine without being physically present.
ESET's problem lives in ESET Inspect Connector for Windows, a component used for monitoring endpoint devices. The bug is a local privilege escalation, meaning a criminal who already has limited access to a machine could quietly promote themselves to full administrator. ESET's own advisory explains that the vulnerable process accepted specially crafted internal system messages called ALPC requests without checking where they came from or who sent them, opening the door to restricted parts of the system.
Tanium's issue affects Tanium Server, the central hub that organisations use to manage security across thousands of computers at once. The flaw is a denial-of-service vulnerability, meaning an attacker with access to the network could flood the server with requests and knock it offline, leaving security teams blind during the outage. No login was required to pull off the attack.
Trend Micro's Cleaner One Pro for Mac carried a privilege-escalation flaw that could let an attacker delete files belonging to Trend Micro itself, potentially stripping away security protections the software is meant to provide.
None of the four companies have reported any confirmed attacks using these flaws yet. That said, Palo Alto Networks and Trend Micro both confirmed real-world exploitation of separate vulnerabilities in their products earlier this year, as first reported by SecurityWeek, which underlines that security software is a deliberate target.
If your organisation uses any of these products, apply the available updates now. Check with your IT team today if you are unsure whether your versions have been patched.



