TENB Tenable Holdings

Tenable Research Discovered a Download Hijack Vulnerability in Slack

Tenable Research Discovered a Download Hijack Vulnerability in Slack

Slack issues update but bad actors could have leveraged the flaw for corporate espionage or file manipulation

COLUMBIA, Md., May 17, 2019 (GLOBE NEWSWIRE) -- , the Cyber Exposure company, today announced that its research team discovered a vulnerability in the Slack Desktop Application for Windows that could have allowed an attacker to alter where a victim’s files are stored when the documents are downloaded within Slack.

Slack has become a critical tool for many organizations looking to keep their employees connected. The vulnerability, which was found in Slack Desktop Application for Windows version 3.3.7 and has since been patched in version 3.4.0, could have allowed an attacker to send a crafted hyperlink via a Slack message that, once clicked, changes the document download location path to an attacker-owned file share. By exploiting the flaw, an attacker can not only steal future documents downloaded within Slack, but they can also manipulate them, such as injecting malicious code that would compromise the victim’s machine once opened.

“The digital economy and global distributed workforce have brought new technologies to market with the ultimate goal of seamless connectivity,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “But it’s critical that organizations realize this emerging technology is potentially vulnerable and part of their expanding attack surface. Tenable Research continues to work with vendors such as Slack to disclose our discoveries to ensure consumers and organizations are secure.”

Slack has released version 3.4.0 to address this vulnerability. Users are urged to confirm that their Slack for Windows is updated to this latest version.

For more information on how this vulnerability was found, read the Tenable Research blog post on .

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at .



Contact Information:

Cayla Baker

Tenable



443-545-2102, x 1544

EN
17/05/2019

Underlying

TENBTenable Holdings

To request access to management, click here to engage with our
partner Phoenix-IR's CorporateAccessNetwork.com

Reports on Tenable Holdings

 PRESS RELEASE
Free
TENB Tenable Holding...

Tenable to Host EXPOSURE 2026: The First Global Conference Devoted to ...

Tenable to Host EXPOSURE 2026: The First Global Conference Devoted to Exposure Management for the AI Era Global cybersecurity leaders will gather in Boston to define the future of proactive defense COLUMBIA, Md., March 02, 2026 (GLOBE NEWSWIRE) -- Tenable® Holdings, Inc. (NASDAQ: TENB), the , today announced , the first global conference fully dedicated to exposure management in the AI era. The event will take place May 19-21, 2026 in Boston. has become essential as organizations confront the largest expansion of the attack surface in decades. Deeply embedded AI tools and highly conne...

March 2, 2026 1 EN
Jonathan Moreland
  • Jonathan Moreland
Free Trial
TWI Titan Internati...
SCSC SCANSOURCE INC. ... (+57)

InsiderInsights Weekly Report: February 21, 2026

InsiderInsights Ratings of Companies with Open-Market Form 4 Purchases; Sales Filed at the SEC on the date above. We separate the real investment intelligence from the noise. Saving you time, and improving your research process

TWI TITAN INTERNATIONAL INC.
SCSC SCANSOURCE INC.
PSEC PROSPECT CAPITAL CORPORATION
MSCI MSCI INC. CLASS A
MOH MOLINA HEALTHCARE INC.
MMS MAXIMUS INC.
KVHI KVH INDUSTRIES INC.
HTGC HERCULES CAPITAL INC.
FAF FIRST AMERICAN FINANCIAL CORPORATION
BMI BADGER METER INC.
ARE ALEXANDRIA REAL ESTATE EQUITIES INC.
PRU PRUDENTIAL FINANCIAL INC.
ASA ASA
WY WEYERHAEUSER COMPANY
MDU MDU RESOURCES GROUP INC
MEDP MEDPACE HOLDINGS INC.
SAH SONIC AUTOMOTIVE INC. CLASS A
TSI TCW STRATEGIC INCOME FUND INC.
PLBC PLUMAS BANCORP
GRF EAGLE CAPITAL GROWTH FUND INC
CNDT CONDUENT INC.
MSFT MICROSOFT CORPORATION
SSTI SHOTSPOTTER
ZIVO ZIVO BIOSCIENCE
KKR INC.
BOTJ KKR & CO. INC.
AXR BANK OF THE JAMES FINANCIAL GROUP INC.
TENB AMREP
AVTR TENABLE HOLDINGS
CMTV AVANTOR
VERX INC.
BIGC COMMUNITY BANCORP INC. VT
SLQT VERTEX
DLHC INC.
AFRM BIGCOMMERCE HOLDINGS
FLYW SELECTQUOTE
CHRW INC.
TBBK DALEIGH HOLDINGS CORP
QDEL AFFIRM HOLDINGS
IE FLYWIRE CORP
CHUC C.H. ROBINSON WORLDWIDE
RXO_w INC.
GTE THE BANCORP
CNVS INC.
COCH QUIDEL CORP
ASST IVANHOE ELECTRIC INC
SPGI CHARLIES HLDGS INC
EKSO RXO INC
NDAQ GRAN TIERRA ENERGY INC.
LNZA CINEVERSE CORP
ANZU SPECIAL ACQUISITION CORP I
ASSET ENTITIES INC.
MCGRAW HILL FINANCIAL INC
EKSO BIONICS HOLDINGS INC.
THE NASDAQ OMX GROUP
INC.
LANZATECH GLOBAL INC
02/22/26 February 22, 2026 1 EN
 PRESS RELEASE
Free
TENB Tenable Holding...

Tenable Research Reveals Growing AI Exposure Gap Fueled by Supply Chai...

Tenable Research Reveals Growing AI Exposure Gap Fueled by Supply Chain Risks and Lack of Identity Controls Report finds 86% of organizations have installed third-party code packages with critical-severity vulnerabilities; 65% expose high-value assets through forgotten cloud credentials COLUMBIA, Md., Feb. 19, 2026 (GLOBE NEWSWIRE) -- (NASDAQ: TENB), the , today released its . The research reveals organizations face a zero‑margin as they inherit cyber risks faster than they can address them. Engineering velocity — driven by AI adoption, third-party code and cloud scale — has outpaced ...

February 19, 2026 1 EN
 PRESS RELEASE
Free
TENB Tenable Holding...

Tenable co-CEO and CFO to Present at Upcoming Investor Events

Tenable co-CEO and CFO to Present at Upcoming Investor Events COLUMBIA, Md., Feb. 17, 2026 (GLOBE NEWSWIRE) -- Tenable Holdings, Inc. (NASDAQ: TENB), the , today announced that Steve Vintz, co-CEO of Tenable, and Matt Brown, CFO of Tenable, will present at the Morgan Stanley Technology, Media & Telecom Conference. Details for the event are as follows: Morgan Stanley Technology, Media & Telecom ConferenceTuesday, March 3, 2026San Francisco For more information about Tenable’s upcoming investor event participation and a webcast of the presentations, visit . About TenableTenable® is the ...

February 17, 2026 1 EN
Jonathan Moreland
  • Jonathan Moreland
Free Trial
ROP ROPER TECHNOLOG...
VRNS Varonis Systems... ... (+51)

InsiderInsights Weekly Report: February 14, 2026

InsiderInsights Ratings of Companies with Open-Market Form 4 Purchases; Sales Filed at the SEC on the date above. We separate the real investment intelligence from the noise. Saving you time, and improving your research process

ROP ROPER TECHNOLOGIES INC.
VRNS VARONIS SYSTEMS INC.
UEPS NET 1 U.E.P.S. TECHNOLOGIES INC.
TWI TITAN INTERNATIONAL INC.
SLP SIMULATIONS PLUS
SCSC SCANSOURCE INC.
PSEC PROSPECT CAPITAL CORPORATION
PAYX PAYCHEX INC.
NG. NOVAGOLD RESOURCES INC.
MOH MOLINA HEALTHCARE INC.
MMS MAXIMUS INC.
LMAT LEMAITRE VASCULAR INC.
KVHI KVH INDUSTRIES INC.
GKOS GLAUKOS CORP
CINF CINCINNATI FINANCIAL CORPORATION
BMI BADGER METER INC.
ARE ALEXANDRIA REAL ESTATE EQUITIES INC.
ARCC ARES CAPITAL CORPORATION
ASA ASA
PRU PRUDENTIAL PLC
TSI TCW STRATEGIC INCOME FUND INC.
PLBC PLUMAS BANCORP
GRF EAGLE CAPITAL GROWTH FUND INC
LW LAMB WESTON HOLDINGS INC.
HWKN HAWKINS INC.
WDFC WD-40 COMPANY
PW POWER REIT
ABT ABBOTT LABORATORIES
KKR KKR & CO. INC.
AXR AMREP
SONO SONOS
TENB TENABLE HOLDINGS
AVTR AVANTOR
CMTV INC.
AON COMMUNITY BANCORP INC. VT
BSTZ AON PLC CLASS A
AFRM BLACKROCK SCIENCE AND TECHNOLOGY TRUST II
INTA AFFIRM HOLDINGS
TMC INTAPP INC
CHRW TMC THE METALS CO INC
TBBK C.H. ROBINSON WORLDWIDE
FRST INC.
QDEL THE BANCORP
CHUC INC.
PMN PRIMIS FINANCIAL CORP
HYMC QUIDEL CORP
CING CHARLIES HLDGS INC
SPGI PROMIS NEUROSCIENCES INC.
HYCROFT MINING HOLDING CORPORATION
CINGULATE INC
MCGRAW HILL FINANCIAL INC
02/15/26 February 15, 2026 1 EN

ResearchPool Subscriptions

Get the most out of your insights

Get in touch