Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    53 vulnerabilities

    CVE-2026-15053 (GCVE-0-2026-15053)

    Vulnerability from cvelistv5 – Published: 2026-07-08 13:46 – Updated: 2026-07-08 14:27
    VLAI
    Title
    Tanium addressed a denial of service vulnerability in Tanium Server.
    Summary
    Tanium addressed a denial of service vulnerability in Tanium Server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Server Affected: 7.7.3.8298 , < 7.7.3.8298 (custom)
    Affected: 7.8.2.1198 , < 7.8.2.1198 (custom)
    Affected: 7.8.4.1327 , < 7.8.4.1327 (custom)
    Create a notification for this product.
    Date Public
    2026-07-07 20:17
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T14:27:30.302303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T14:27:37.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tanium Server",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "7.7.3.8298",
                  "status": "affected",
                  "version": "7.7.3.8298",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2.1198",
                  "status": "affected",
                  "version": "7.8.2.1198",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.4.1327",
                  "status": "affected",
                  "version": "7.8.4.1327",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-07-08T13:33:20.107Z",
          "datePublic": "2026-07-07T20:17:39.951Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a denial of service vulnerability in Tanium Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T13:46:40.902Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-016",
              "url": "https://security.tanium.com/TAN-2026-016"
            }
          ],
          "title": "Tanium addressed a denial of service vulnerability in Tanium Server."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-15053",
        "datePublished": "2026-07-08T13:46:40.902Z",
        "dateReserved": "2026-07-08T13:33:20.588Z",
        "dateUpdated": "2026-07-08T14:27:37.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9208 (GCVE-0-2026-9208)

    Vulnerability from cvelistv5 – Published: 2026-05-27 20:59 – Updated: 2026-05-28 13:22
    VLAI
    Title
    Tanium addressed an unauthorized code execution vulnerability in Connect.
    Summary
    Tanium addressed an unauthorized code execution vulnerability in Connect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Connect Affected: 5.26 , < 5.26.191 (custom)
    Affected: 5.29 , < 5.29.237 (custom)
    Affected: 5.37 , < 5.37.140 (custom)
    Create a notification for this product.
    Date Public
    2026-05-27 20:59
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T13:22:21.390236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T13:22:32.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connect",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "5.26.191",
                  "status": "affected",
                  "version": "5.26",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.29.237",
                  "status": "affected",
                  "version": "5.29",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.37.140",
                  "status": "affected",
                  "version": "5.37",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-05-21T16:49:31.914Z",
          "datePublic": "2026-05-27T20:59:31.374Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an unauthorized code execution vulnerability in Connect."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T20:59:43.199Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-015",
              "url": "https://security.tanium.com/TAN-2026-015"
            }
          ],
          "title": "Tanium addressed an unauthorized code execution vulnerability in Connect."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-9208",
        "datePublished": "2026-05-27T20:59:43.199Z",
        "dateReserved": "2026-05-21T16:49:32.433Z",
        "dateUpdated": "2026-05-28T13:22:32.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9207 (GCVE-0-2026-9207)

    Vulnerability from cvelistv5 – Published: 2026-05-27 01:19 – Updated: 2026-05-27 14:07
    VLAI
    Title
    Tanium addressed an unauthorized code execution vulnerability in Connect.
    Summary
    Tanium addressed an unauthorized code execution vulnerability in Connect.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Connect Affected: 5.26 , < 5.26.191 (custom)
    Affected: 5.29 , < 5.29.237 (custom)
    Affected: 5.37 , < 5.37.140 (custom)
    Create a notification for this product.
    Date Public
    2026-05-27 01:19
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T13:50:58.138797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:51:16.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connect",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "5.26.191",
                  "status": "affected",
                  "version": "5.26",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.29.237",
                  "status": "affected",
                  "version": "5.29",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.37.140",
                  "status": "affected",
                  "version": "5.37",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-05-21T16:46:15.094Z",
          "datePublic": "2026-05-27T01:19:08.632Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an unauthorized code execution vulnerability in Connect."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T14:07:47.038Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-014",
              "url": "https://security.tanium.com/TAN-2026-014"
            }
          ],
          "title": "Tanium addressed an unauthorized code execution vulnerability in Connect."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-9207",
        "datePublished": "2026-05-27T01:19:26.555Z",
        "dateReserved": "2026-05-21T16:46:15.651Z",
        "dateUpdated": "2026-05-27T14:07:47.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9156 (GCVE-0-2026-9156)

    Vulnerability from cvelistv5 – Published: 2026-05-27 01:19 – Updated: 2026-05-27 13:50
    VLAI
    Title
    Tanium addressed a denial of service vulnerability in Tanium Server.
    Summary
    Tanium addressed a denial of service vulnerability in Tanium Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-772 - Missing Release of Resource after Effective Lifetime
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Server Affected: 7.6.4.0 , < 7.6.4.2190 (custom)
    Affected: 7.7.3.0 , < 7.7.3.8274 (custom)
    Affected: 7.8.2.0 , < 7.8.2.1176 (custom)
    Create a notification for this product.
    Date Public
    2026-05-27 01:19
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T13:50:31.230808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:50:44.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tanium Server",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "7.6.4.2190",
                  "status": "affected",
                  "version": "7.6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.7.3.8274",
                  "status": "affected",
                  "version": "7.7.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2.1176",
                  "status": "affected",
                  "version": "7.8.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-05-21T01:21:37.531Z",
          "datePublic": "2026-05-27T01:19:03.729Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a denial of service vulnerability in Tanium Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-772",
                  "description": "Missing Release of Resource after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T01:19:26.286Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-013",
              "url": "https://security.tanium.com/TAN-2026-013"
            }
          ],
          "title": "Tanium addressed a denial of service vulnerability in Tanium Server."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-9156",
        "datePublished": "2026-05-27T01:19:26.286Z",
        "dateReserved": "2026-05-21T01:21:38.154Z",
        "dateUpdated": "2026-05-27T13:50:44.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6408 (GCVE-0-2026-6408)

    Vulnerability from cvelistv5 – Published: 2026-04-22 01:46 – Updated: 2026-04-22 12:49
    VLAI
    Title
    Tanium addressed an information disclosure vulnerability in Tanium Server.
    Summary
    Tanium addressed an information disclosure vulnerability in Tanium Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Server Affected: 7.6.4.0 , < 7.6.4.2185 (custom)
    Affected: 7.7.3.0 , < 7.7.3.8266 (custom)
    Affected: 7.8.2.0 , < 7.8.2.1168 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 01:46
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T12:48:18.544819Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T12:49:39.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Tanium Server",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "7.6.4.2185",
                  "status": "affected",
                  "version": "7.6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.7.3.8266",
                  "status": "affected",
                  "version": "7.7.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.8.2.1168",
                  "status": "affected",
                  "version": "7.8.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-04-15T21:51:17.273Z",
          "datePublic": "2026-04-22T01:46:17.259Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an information disclosure vulnerability in Tanium Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T01:46:40.653Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-012",
              "url": "https://security.tanium.com/TAN-2026-012"
            }
          ],
          "title": "Tanium addressed an information disclosure vulnerability in Tanium Server."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-6408",
        "datePublished": "2026-04-22T01:46:40.653Z",
        "dateReserved": "2026-04-15T21:51:17.871Z",
        "dateUpdated": "2026-04-22T12:49:39.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6392 (GCVE-0-2026-6392)

    Vulnerability from cvelistv5 – Published: 2026-04-22 01:46 – Updated: 2026-04-22 12:54
    VLAI
    Title
    Tanium addressed an information disclosure vulnerability in Threat Response.
    Summary
    Tanium addressed an information disclosure vulnerability in Threat Response.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Threat Response Affected: 4.6.0 , < 4.6.577 (custom)
    Affected: 4.9.0 , < 4.9.379 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 01:46
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6392",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T12:54:38.845263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T12:54:52.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Threat Response",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "4.6.577",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.379",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-04-15T20:04:30.169Z",
          "datePublic": "2026-04-22T01:46:13.287Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an information disclosure vulnerability in Threat Response."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T01:46:29.651Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-011",
              "url": "https://security.tanium.com/TAN-2026-011"
            }
          ],
          "title": "Tanium addressed an information disclosure vulnerability in Threat Response."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-6392",
        "datePublished": "2026-04-22T01:46:29.651Z",
        "dateReserved": "2026-04-15T20:04:30.751Z",
        "dateUpdated": "2026-04-22T12:54:52.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6416 (GCVE-0-2026-6416)

    Vulnerability from cvelistv5 – Published: 2026-04-22 01:46 – Updated: 2026-04-22 12:57
    VLAI
    Title
    Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
    Summary
    Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Interact Affected: 3.2.0 , < 3.2.202 (custom)
    Affected: 3.5.0 , < 3.5.108 (custom)
    Affected: 3.8.0 , < 3.8.47 (custom)
        cpe:2.3:a:tanium:service_interact:3.2.196:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_interact:3.5.102:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_interact:3.8.46:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-04-22 01:46
    Credits
    Eric Bester
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T12:57:48.199961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T12:57:59.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_interact:3.2.196:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_interact:3.5.102:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_interact:3.8.46:*:*:*:*:*:*:*"
              ],
              "product": "Interact",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "3.2.202",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.108",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.8.47",
                  "status": "affected",
                  "version": "3.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric Bester"
            }
          ],
          "dateAssigned": "2026-04-15T23:55:39.195Z",
          "datePublic": "2026-04-22T01:46:08.322Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T01:46:19.376Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-010",
              "url": "https://security.tanium.com/TAN-2026-010"
            }
          ],
          "title": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-6416",
        "datePublished": "2026-04-22T01:46:19.376Z",
        "dateReserved": "2026-04-15T23:55:39.808Z",
        "dateUpdated": "2026-04-22T12:57:59.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2350 (GCVE-0-2026-2350)

    Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-03-02 15:50
    VLAI
    Title
    Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
    Summary
    Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Interact Affected: 3.2.0 , < 3.2.196 (custom)
    Affected: 3.5.0 , < 3.5.102 (custom)
        cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*
    Create a notification for this product.
    Tanium TDS Affected: 4.1.0 , < 4.1.257 (custom)
        cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-02-19 23:10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T15:41:02.790036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T15:50:27.043Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*"
              ],
              "product": "Interact",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "3.2.196",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.5.102",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*"
              ],
              "product": "TDS",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "4.1.257",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-02-11T16:04:36.295Z",
          "datePublic": "2026-02-19T23:10:05.500Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T23:14:23.480Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-008",
              "url": "https://security.tanium.com/TAN-2026-008"
            }
          ],
          "title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-2350",
        "datePublished": "2026-02-19T23:10:33.951Z",
        "dateReserved": "2026-02-11T16:04:36.872Z",
        "dateUpdated": "2026-03-02T15:50:27.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1292 (GCVE-0-2026-1292)

    Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-03-02 15:50
    VLAI
    Title
    Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
    Summary
    Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Trends Affected: 3.10.0 , < 3.10.20 (custom)
    Affected: 3.11.0 , < 3.11.79 (custom)
        cpe:2.3:a:tanium:service_trends:3.10.19:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_trends:3.11.77:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-02-19 23:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1292",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T15:50:37.988052Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T15:50:54.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_trends:3.10.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_trends:3.11.77:*:*:*:*:*:*:*"
              ],
              "product": "Trends",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "3.10.20",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.11.79",
                  "status": "affected",
                  "version": "3.11.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-01-21T16:30:45.079Z",
          "datePublic": "2026-02-19T23:09:55.630Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T23:10:23.372Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-007",
              "url": "https://security.tanium.com/TAN-2026-007"
            }
          ],
          "title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-1292",
        "datePublished": "2026-02-19T23:10:23.372Z",
        "dateReserved": "2026-01-21T16:30:45.783Z",
        "dateUpdated": "2026-03-02T15:50:54.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2605 (GCVE-0-2026-2605)

    Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-03-02 15:51
    VLAI
    Title
    Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
    Summary
    Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium TanOS Affected: 1.8.4 , < 1.8.4.0249 (custom)
    Affected: 1.8.5 , < 1.8.5.0282 (custom)
    Affected: 1.8.6 , < 1.8.6.0150 (custom)
        cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-02-19 23:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T15:51:21.997907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T15:51:41.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
              ],
              "product": "TanOS",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.8.4.0249",
                  "status": "affected",
                  "version": "1.8.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.5.0282",
                  "status": "affected",
                  "version": "1.8.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.6.0150",
                  "status": "affected",
                  "version": "1.8.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-02-16T21:37:14.785Z",
          "datePublic": "2026-02-19T23:09:49.159Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T23:13:38.465Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-006",
              "url": "https://security.tanium.com/TAN-2026-006"
            }
          ],
          "title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-2605",
        "datePublished": "2026-02-19T23:10:02.867Z",
        "dateReserved": "2026-02-16T21:37:15.555Z",
        "dateUpdated": "2026-03-02T15:51:41.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2408 (GCVE-0-2026-2408)

    Vulnerability from cvelistv5 – Published: 2026-02-19 23:09 – Updated: 2026-03-02 15:55
    VLAI
    Title
    Use-after-free in Cloud Workloads
    Summary
    Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Cloud Workloads Affected: 1.0.222 , < 1.0.222 (custom)
        cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-02-19 23:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T15:54:55.216169Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T15:55:09.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:*"
              ],
              "product": "Cloud Workloads",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.0.222",
                  "status": "affected",
                  "version": "1.0.222",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-02-12T13:49:48.721Z",
          "datePublic": "2026-02-19T23:09:40.352Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T23:09:51.620Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-005",
              "url": "https://security.tanium.com/TAN-2026-005"
            }
          ],
          "title": "Use-after-free in Cloud Workloads"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-2408",
        "datePublished": "2026-02-19T23:09:51.620Z",
        "dateReserved": "2026-02-12T13:49:49.307Z",
        "dateUpdated": "2026-03-02T15:55:09.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2435 (GCVE-0-2026-2435)

    Vulnerability from cvelistv5 – Published: 2026-02-19 23:09 – Updated: 2026-03-02 15:55
    VLAI
    Title
    ASSET-7706
    Summary
    Tanium addressed a SQL injection vulnerability in Asset.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Asset Affected: 1.32 , < 1.32.179 (custom)
    Affected: 1.33 , < 1.33.269 (custom)
    Affected: 1.36 , < 1.36.108 (custom)
        cpe:2.3:a:tanium:service_asset:1.32.178:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_asset:1.33.268:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_asset:1.36.107:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-02-19 23:09
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2435",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T15:55:19.435641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T15:55:43.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_asset:1.32.178:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_asset:1.33.268:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_asset:1.36.107:*:*:*:*:*:*:*"
              ],
              "product": "Asset",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.32.179",
                  "status": "affected",
                  "version": "1.32",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.33.269",
                  "status": "affected",
                  "version": "1.33",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.36.108",
                  "status": "affected",
                  "version": "1.36",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-02-12T22:26:04.213Z",
          "datePublic": "2026-02-19T23:09:30.641Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a SQL injection vulnerability in Asset."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T23:09:41.110Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-004",
              "url": "https://security.tanium.com/TAN-2026-004"
            }
          ],
          "title": "ASSET-7706"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-2435",
        "datePublished": "2026-02-19T23:09:41.110Z",
        "dateReserved": "2026-02-12T22:26:04.828Z",
        "dateUpdated": "2026-03-02T15:55:43.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1344 (GCVE-0-2026-1344)

    Vulnerability from cvelistv5 – Published: 2026-02-17 23:43 – Updated: 2026-02-18 13:41
    VLAI
    Title
    Insecure file permissions in Enforce Recovery Key Portal
    Summary
    Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Enforce Recovery Key Portal Affected: 1.0.0 , < 1.62.5 (custom)
        cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-02-17 23:43
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T13:40:38.287908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T13:41:49.780Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:*"
              ],
              "product": "Enforce Recovery Key Portal",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.62.5",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2026-01-22T16:16:38.364Z",
          "datePublic": "2026-02-17T23:43:20.540Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T23:43:30.432Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2026-003",
              "url": "https://security.tanium.com/TAN-2026-003"
            }
          ],
          "title": "Insecure file permissions in Enforce Recovery Key Portal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2026-1344",
        "datePublished": "2026-02-17T23:43:30.432Z",
        "dateReserved": "2026-01-22T16:16:38.983Z",
        "dateUpdated": "2026-02-18T13:41:49.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15314 (GCVE-0-2025-15314)

    Vulnerability from cvelistv5 – Published: 2026-02-09 23:05 – Updated: 2026-02-10 20:18
    VLAI
    Title
    Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
    Summary
    Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium end-user-cx Affected: 1.4.0 , < 1.4.1175 (custom)
    Affected: 1.6.0 , < 1.6.926 (custom)
    Affected: 1.8.0 , < 1.8.21 (custom)
        cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T20:18:17.474330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T20:18:24.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:*"
              ],
              "product": "end-user-cx",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.4.1175",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.6.926",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.21",
                  "status": "affected",
                  "version": "1.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:54.705Z",
          "datePublic": "2025-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T23:06:46.478Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-010",
              "url": "https://security.tanium.com/TAN-2025-010"
            }
          ],
          "title": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15314",
        "datePublished": "2026-02-09T23:05:16.503Z",
        "dateReserved": "2025-12-29T23:12:54.874Z",
        "dateUpdated": "2026-02-10T20:18:24.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15313 (GCVE-0-2025-15313)

    Vulnerability from cvelistv5 – Published: 2026-02-09 23:05 – Updated: 2026-02-10 20:17
    VLAI
    Title
    Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
    Summary
    Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium EUSS Affected: 1.17.0 , < 1.17.41 (custom)
    Affected: 1.18.0 , < 1.18.28 (custom)
        cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15313",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T20:17:52.390755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T20:17:58.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:*"
              ],
              "product": "Tanium EUSS",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.17.41",
                  "status": "affected",
                  "version": "1.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.18.28",
                  "status": "affected",
                  "version": "1.18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:53.970Z",
          "datePublic": "2025-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T23:09:09.849Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-010",
              "url": "https://security.tanium.com/TAN-2025-010"
            }
          ],
          "title": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15313",
        "datePublished": "2026-02-09T23:05:16.158Z",
        "dateReserved": "2025-12-29T23:12:54.257Z",
        "dateUpdated": "2026-02-10T20:17:58.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15310 (GCVE-0-2025-15310)

    Vulnerability from cvelistv5 – Published: 2026-02-09 23:00 – Updated: 2026-02-10 20:17
    VLAI
    Title
    Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
    Summary
    Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Patch Endpoint Tools Affected: 3.17.0 , < 3.17.10195 (custom)
    Affected: 10.1.0 , < 10.1.33 (custom)
    Affected: 10.2.0 , < 10.2.22 (custom)
        cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-01-14 00:00
    Credits
    Filip Magic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T20:17:22.301449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T20:17:29.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:*"
              ],
              "product": "Patch Endpoint Tools",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "3.17.10195",
                  "status": "affected",
                  "version": "3.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.33",
                  "status": "affected",
                  "version": "10.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.22",
                  "status": "affected",
                  "version": "10.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Filip Magic"
            }
          ],
          "dateAssigned": "2025-12-29T23:12:52.295Z",
          "datePublic": "2025-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T23:11:05.748Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-001",
              "url": "https://security.tanium.com/TAN-2025-001"
            }
          ],
          "title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15310",
        "datePublished": "2026-02-09T23:00:51.789Z",
        "dateReserved": "2025-12-29T23:12:52.477Z",
        "dateUpdated": "2026-02-10T20:17:29.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15318 (GCVE-0-2025-15318)

    Vulnerability from cvelistv5 – Published: 2026-02-09 22:56 – Updated: 2026-02-10 21:22
    VLAI
    Title
    Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
    Summary
    Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium End-User Notifications Endpoint Tools Affected: 1.18.0 , < 1.18.10079 (custom)
    Affected: 10.0.0 , < 10.0.14 (custom)
    Affected: 10.1.0 , < 10.1.20 (custom)
        cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-05-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15318",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T21:21:53.649467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T21:22:00.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:*"
              ],
              "product": "End-User Notifications Endpoint Tools",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.18.10079",
                  "status": "affected",
                  "version": "1.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.14",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.20",
                  "status": "affected",
                  "version": "10.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:57.784Z",
          "datePublic": "2025-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T23:11:46.729Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-017",
              "url": "https://security.tanium.com/TAN-2025-017"
            }
          ],
          "title": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15318",
        "datePublished": "2026-02-09T22:56:27.343Z",
        "dateReserved": "2025-12-29T23:12:57.929Z",
        "dateUpdated": "2026-02-10T21:22:00.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15319 (GCVE-0-2025-15319)

    Vulnerability from cvelistv5 – Published: 2026-02-09 22:52 – Updated: 2026-02-10 21:21
    VLAI
    Title
    Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
    Summary
    Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Patch Endpoint Tools Affected: 3.17.0 , < 3.17.10207 (custom)
    Affected: 10.1.0 , < 10.1.50 (custom)
    Affected: 10.7.0 , < 10.7.25 (custom)
    Affected: 10.9.0 , < 10.9.31 (custom)
    Affected: 10.11.0 , < 10.11.27 (custom)
        cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-08-07 00:00
    Credits
    Owen Jeanes
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T21:21:32.326259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T21:21:40.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:*"
              ],
              "product": "Patch Endpoint Tools",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "3.17.10207",
                  "status": "affected",
                  "version": "3.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.50",
                  "status": "affected",
                  "version": "10.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.7.25",
                  "status": "affected",
                  "version": "10.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.9.31",
                  "status": "affected",
                  "version": "10.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.11.27",
                  "status": "affected",
                  "version": "10.11.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Owen Jeanes"
            }
          ],
          "dateAssigned": "2025-12-29T23:12:58.700Z",
          "datePublic": "2025-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T23:09:49.225Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-021",
              "url": "https://security.tanium.com/TAN-2025-021"
            }
          ],
          "title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15319",
        "datePublished": "2026-02-09T22:52:32.693Z",
        "dateReserved": "2025-12-29T23:12:58.866Z",
        "dateUpdated": "2026-02-10T21:21:40.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15315 (GCVE-0-2025-15315)

    Vulnerability from cvelistv5 – Published: 2026-02-09 21:48 – Updated: 2026-02-10 16:59
    VLAI
    Title
    Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
    Summary
    Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Module Server Affected: 7.5.6.0 , < 7.5.6.1161 (custom)
    Affected: 7.4.6.0 , < 7.4.6.1151 (custom)
    Affected: 7.6.2.0 , < 7.6.2.1293 (custom)
    Affected: 7.6.4.0 , < 7.6.4.2114 (custom)
        cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T16:58:41.692979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T16:59:35.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:*"
              ],
              "product": "Tanium Module Server",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "7.5.6.1161",
                  "status": "affected",
                  "version": "7.5.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.6.1151",
                  "status": "affected",
                  "version": "7.4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.2.1293",
                  "status": "affected",
                  "version": "7.6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4.2114",
                  "status": "affected",
                  "version": "7.6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:55.398Z",
          "datePublic": "2025-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T21:48:49.693Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-011",
              "url": "https://security.tanium.com/TAN-2025-011"
            }
          ],
          "title": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15315",
        "datePublished": "2026-02-09T21:48:49.693Z",
        "dateReserved": "2025-12-29T23:12:55.559Z",
        "dateUpdated": "2026-02-10T16:59:35.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15316 (GCVE-0-2025-15316)

    Vulnerability from cvelistv5 – Published: 2026-02-09 21:48 – Updated: 2026-02-10 15:59
    VLAI
    Title
    Tanium addressed a local privilege escalation vulnerability in Tanium Server.
    Summary
    Tanium addressed a local privilege escalation vulnerability in Tanium Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Server Affected: 7.4.6.0 , < 7.4.6.1151 (custom)
    Affected: 7.5.6.0 , < 7.5.6.1161 (custom)
    Affected: 7.6.2.0 , < 7.6.2.1293 (custom)
    Affected: 7.6.4.0 , < 7.6.4.2114 (custom)
        cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T15:58:59.416693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T15:59:23.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:*"
              ],
              "product": "Tanium Server",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "7.4.6.1151",
                  "status": "affected",
                  "version": "7.4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.5.6.1161",
                  "status": "affected",
                  "version": "7.5.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.2.1293",
                  "status": "affected",
                  "version": "7.6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4.2114",
                  "status": "affected",
                  "version": "7.6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:56.161Z",
          "datePublic": "2025-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T21:48:49.471Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-011",
              "url": "https://security.tanium.com/TAN-2025-011"
            }
          ],
          "title": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15316",
        "datePublished": "2026-02-09T21:48:49.471Z",
        "dateReserved": "2025-12-29T23:12:56.327Z",
        "dateUpdated": "2026-02-10T15:59:23.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15317 (GCVE-0-2025-15317)

    Vulnerability from cvelistv5 – Published: 2026-02-09 21:43 – Updated: 2026-02-10 16:01
    VLAI
    Title
    Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
    Summary
    Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Server Affected: 7.4.6.0 , < 7.4.6.1154 (custom)
    Affected: 7.5.6.0 , < 7.5.6.1164 (custom)
    Affected: 7.6.2.0 , < 7.6.2.1303 (custom)
    Affected: 7.6.4.0 , < 7.6.4.2124 (custom)
        cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T16:00:52.783721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T16:01:34.788Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:*"
              ],
              "product": "Tanium Server",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "7.4.6.1154",
                  "status": "affected",
                  "version": "7.4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.5.6.1164",
                  "status": "affected",
                  "version": "7.5.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.2.1303",
                  "status": "affected",
                  "version": "7.6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4.2124",
                  "status": "affected",
                  "version": "7.6.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:56.967Z",
          "datePublic": "2025-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T21:43:41.258Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-013",
              "url": "https://security.tanium.com/TAN-2025-013"
            }
          ],
          "title": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15317",
        "datePublished": "2026-02-09T21:43:41.258Z",
        "dateReserved": "2025-12-29T23:12:57.132Z",
        "dateUpdated": "2026-02-10T16:01:34.788Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15320 (GCVE-0-2025-15320)

    Vulnerability from cvelistv5 – Published: 2026-02-06 19:18 – Updated: 2026-02-06 19:40
    VLAI
    Title
    Tanium addressed a denial of service vulnerability in Tanium Client.
    Summary
    Tanium addressed a denial of service vulnerability in Tanium Client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-605 - Multiple Binds to the Same Port
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Client Affected: 7.6.2.0 , < 7.6.2.1327 (custom)
    Affected: 7.6.4.0 , < 7.6.4.2160 (custom)
    Affected: 7.7.3.0 , < 7.7.3.8231 (custom)
    Affected: 7.4.10.0 , < 7.4.10.1118 (custom)
        cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-08-19 00:00
    Credits
    Filip Waeytens Frank Lycops Jean-Michel Huguet Jorge Escabias Justin Hocquel from NCIA/NCSC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:40:12.881671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:40:46.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:*"
              ],
              "product": "Tanium Client",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "7.6.2.1327",
                  "status": "affected",
                  "version": "7.6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4.2160",
                  "status": "affected",
                  "version": "7.6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.7.3.8231",
                  "status": "affected",
                  "version": "7.7.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.10.1118",
                  "status": "affected",
                  "version": "7.4.10.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Filip Waeytens"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Frank Lycops"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jean-Michel Huguet"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jorge Escabias"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Justin Hocquel from NCIA/NCSC"
            }
          ],
          "dateAssigned": "2025-12-29T23:12:59.718Z",
          "datePublic": "2025-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a denial of service vulnerability in Tanium Client."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-605",
                  "description": "Multiple Binds to the Same Port",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T19:18:13.493Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-023",
              "url": "https://security.tanium.com/TAN-2025-023"
            }
          ],
          "title": "Tanium addressed a denial of service vulnerability in Tanium Client."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15320",
        "datePublished": "2026-02-06T19:18:13.493Z",
        "dateReserved": "2025-12-29T23:12:59.888Z",
        "dateUpdated": "2026-02-06T19:40:46.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15311 (GCVE-0-2025-15311)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:01
    VLAI
    Title
    Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
    Summary
    Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Appliance Affected: 1.8.3.0 , < 1.8.3.0146 (custom)
    Affected: 1.8.4.0 , < 1.8.4.0149 (custom)
    Affected: 1.8.5.0 , < 1.8.5.0212 (custom)
        cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15311",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:01:19.848854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:01:30.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
              ],
              "product": "Tanium Appliance",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.8.3.0146",
                  "status": "affected",
                  "version": "1.8.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.4.0149",
                  "status": "affected",
                  "version": "1.8.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.5.0212",
                  "status": "affected",
                  "version": "1.8.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:52.865Z",
          "datePublic": "2025-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-150",
                  "description": "Improper Neutralization of Escape, Meta, or Control Sequences",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:26:23.251Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-002",
              "url": "https://security.tanium.com/TAN-2025-002"
            }
          ],
          "title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15311",
        "datePublished": "2026-02-05T18:26:23.251Z",
        "dateReserved": "2025-12-29T23:12:53.054Z",
        "dateUpdated": "2026-02-06T19:01:30.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15312 (GCVE-0-2025-15312)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:02
    VLAI
    Title
    Tanium addressed an improper output sanitization vulnerability in TanOS.
    Summary
    Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Tanium Appliance Affected: 1.8.3.0 , < 1.8.3.0146 (custom)
    Affected: 1.8.4.0 , < 1.8.4.0157 (custom)
        cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:02:02.740803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:02:11.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
              ],
              "product": "Tanium Appliance",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.8.3.0146",
                  "status": "affected",
                  "version": "1.8.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.8.4.0157",
                  "status": "affected",
                  "version": "1.8.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:12:53.375Z",
          "datePublic": "2025-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:26:06.378Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-003",
              "url": "https://security.tanium.com/TAN-2025-003"
            }
          ],
          "title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15312",
        "datePublished": "2026-02-05T18:26:06.378Z",
        "dateReserved": "2025-12-29T23:12:53.559Z",
        "dateUpdated": "2026-02-06T19:02:11.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15324 (GCVE-0-2025-15324)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:03
    VLAI
    Title
    Tanium addressed a local privilege escalation vulnerability in Engage.
    Summary
    Tanium addressed a documentation issue in Engage.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Engage Affected: 1.3.0 , < 1.3.37 (custom)
    Affected: 1.6.0 , < 1.6.193 (custom)
        cpe:2.3:a:tanium:service_engage:1.3.36:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_engage:1.6.192:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:03:35.009129Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:03:42.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_engage:1.3.36:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_engage:1.6.192:*:*:*:*:*:*:*"
              ],
              "product": "Engage",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "1.3.37",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.6.193",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:13:03.546Z",
          "datePublic": "2025-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed a documentation issue in Engage."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:25:52.474Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-004",
              "url": "https://security.tanium.com/TAN-2025-004"
            }
          ],
          "title": "Tanium addressed a local privilege escalation vulnerability in Engage."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15324",
        "datePublished": "2026-02-05T18:25:52.474Z",
        "dateReserved": "2025-12-29T23:13:03.776Z",
        "dateUpdated": "2026-02-06T19:03:42.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15325 (GCVE-0-2025-15325)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:04
    VLAI
    Title
    Tanium addressed an improper input validation vulnerability in Discover.
    Summary
    Tanium addressed an improper input validation vulnerability in Discover.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Discover Affected: 4.10.0 , < 4.10.90 (custom)
        cpe:2.3:a:tanium:service_discover:4.10.89:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:04:36.861254Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:04:45.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_discover:4.10.89:*:*:*:*:*:*:*"
              ],
              "product": "Discover",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "4.10.90",
                  "status": "affected",
                  "version": "4.10.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:13:04.660Z",
          "datePublic": "2025-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an improper input validation vulnerability in Discover."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:25:29.908Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-005",
              "url": "https://security.tanium.com/TAN-2025-005"
            }
          ],
          "title": "Tanium addressed an improper input validation vulnerability in Discover."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15325",
        "datePublished": "2026-02-05T18:25:29.908Z",
        "dateReserved": "2025-12-29T23:13:04.840Z",
        "dateUpdated": "2026-02-06T19:04:45.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15326 (GCVE-0-2025-15326)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:07
    VLAI
    Title
    Tanium addressed an improper access controls vulnerability in Patch.
    Summary
    Tanium addressed an improper access controls vulnerability in Patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Patch Affected: 3.17.0 , < 3.17.2262 (custom)
    Affected: 3.19.0 , < 3.19.195 (custom)
        cpe:2.3:a:tanium:service_patch:3.17.2261:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_patch:3.19.194:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15326",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:07:15.349117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:07:24.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_patch:3.17.2261:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_patch:3.19.194:*:*:*:*:*:*:*"
              ],
              "product": "Patch",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "3.17.2262",
                  "status": "affected",
                  "version": "3.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.19.195",
                  "status": "affected",
                  "version": "3.19.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:13:29.639Z",
          "datePublic": "2025-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an improper access controls vulnerability in Patch."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:25:11.487Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-006",
              "url": "https://security.tanium.com/TAN-2025-006"
            }
          ],
          "title": "Tanium addressed an improper access controls vulnerability in Patch."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15326",
        "datePublished": "2026-02-05T18:25:11.487Z",
        "dateReserved": "2025-12-29T23:13:29.803Z",
        "dateUpdated": "2026-02-06T19:07:24.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15327 (GCVE-0-2025-15327)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:10
    VLAI
    Title
    Tanium addressed an improper access controls vulnerability in Deploy.
    Summary
    Tanium addressed an improper access controls vulnerability in Deploy.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Deploy Affected: 2.26.0 , < 2.26.1253 (custom)
    Affected: 2.30.0 , < 2.30.150 (custom)
        cpe:2.3:a:tanium:service_deploy:2.26.1252:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_deploy:2.30.149:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15327",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:10:10.675713Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:10:18.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_deploy:2.26.1252:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_deploy:2.30.149:*:*:*:*:*:*:*"
              ],
              "product": "Deploy",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "2.26.1253",
                  "status": "affected",
                  "version": "2.26.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.30.150",
                  "status": "affected",
                  "version": "2.30.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:13:29.851Z",
          "datePublic": "2025-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an improper access controls vulnerability in Deploy."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:25:11.258Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-006",
              "url": "https://security.tanium.com/TAN-2025-006"
            }
          ],
          "title": "Tanium addressed an improper access controls vulnerability in Deploy."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15327",
        "datePublished": "2026-02-05T18:25:11.258Z",
        "dateReserved": "2025-12-29T23:13:30.151Z",
        "dateUpdated": "2026-02-06T19:10:18.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15328 (GCVE-0-2025-15328)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:24 – Updated: 2026-02-06 19:12
    VLAI
    Title
    Tanium addressed an improper link resolution before file access vulnerability in Enforce.
    Summary
    Tanium addressed an improper link resolution before file access vulnerability in Enforce.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Enforce Affected: 2.7.0 , < 2.7.314 (custom)
    Affected: 2.8.0 , < 2.8.544 (custom)
        cpe:2.3:a:tanium:service_enforce:2.7.313:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_enforce:2.8.543:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15328",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:12:46.298503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:12:54.357Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_enforce:2.7.313:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_enforce:2.8.543:*:*:*:*:*:*:*"
              ],
              "product": "Enforce",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "2.7.314",
                  "status": "affected",
                  "version": "2.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.8.544",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:13:30.169Z",
          "datePublic": "2025-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:24:42.534Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-007",
              "url": "https://security.tanium.com/TAN-2025-007"
            }
          ],
          "title": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15328",
        "datePublished": "2026-02-05T18:24:42.534Z",
        "dateReserved": "2025-12-29T23:13:30.399Z",
        "dateUpdated": "2026-02-06T19:12:54.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15330 (GCVE-0-2025-15330)

    Vulnerability from cvelistv5 – Published: 2026-02-05 18:24 – Updated: 2026-02-06 19:13
    VLAI
    Title
    Tanium addressed an improper input validation vulnerability in Deploy.
    Summary
    Tanium addressed an improper input validation vulnerability in Deploy.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tanium Deploy Affected: 2.26.0 , < 2.26.1279 (custom)
    Affected: 2.30.0 , < 2.30.175 (custom)
        cpe:2.3:a:tanium:service_deploy:2.26.1278:*:*:*:*:*:*:*
        cpe:2.3:a:tanium:service_deploy:2.30.174:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2025-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:13:20.790327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T19:13:31.613Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:tanium:service_deploy:2.26.1278:*:*:*:*:*:*:*",
                "cpe:2.3:a:tanium:service_deploy:2.30.174:*:*:*:*:*:*:*"
              ],
              "product": "Deploy",
              "vendor": "Tanium",
              "versions": [
                {
                  "lessThan": "2.26.1279",
                  "status": "affected",
                  "version": "2.26.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.30.175",
                  "status": "affected",
                  "version": "2.30.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2025-12-29T23:13:30.875Z",
          "datePublic": "2025-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Tanium addressed an improper input validation vulnerability in Deploy."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-05T18:24:27.066Z",
            "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
            "shortName": "Tanium"
          },
          "references": [
            {
              "name": "TAN-2025-012",
              "url": "https://security.tanium.com/TAN-2025-012"
            }
          ],
          "title": "Tanium addressed an improper input validation vulnerability in Deploy."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "assignerShortName": "Tanium",
        "cveId": "CVE-2025-15330",
        "datePublished": "2026-02-05T18:24:27.066Z",
        "dateReserved": "2025-12-29T23:13:31.023Z",
        "dateUpdated": "2026-02-06T19:13:31.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }