Description
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
Published: 2026-01-26
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service due to resource exhaustion
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an uncontrolled resource consumption flaw in Tanium Discover that can cause excessive CPU or memory usage, potentially degrading or halting the Discover service and impacting other Tanium components. This results in a denial‐of‐service condition for the affected system.

Affected Systems

Affected are Tanium Discover on all versions and Tanium Service Asset versions 4.10.133 and 4.15.129, as indicated by the supplied CPE identifiers.

Risk and Exploitability

The base CVSS score is 4.9, indicating moderate severity. The EPSS score is below 1%, suggesting a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation details are not provided, so the exact attack vector is not clear; it is inferred that internal or authenticated access to Discover is required. In the absence of a public exploit, the risk remains moderate but potential impact is system availability loss.

Generated by OpenCVE AI on April 18, 2026 at 02:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Tanium Discover to the latest patched version or apply the vendor‑provided fix if available.
  • Apply the latest Tanium Service Asset patches for versions 4.10.133 and 4.15.129, or upgrade those components to a fixed release.
  • Monitor resource utilization of the Discover service and configure alerts or limits to detect abnormal consumption early.
  • Limit network exposure of the Discover endpoint by enforcing least privilege and segmenting the network so only authorized internal components can communicate with it.

Generated by OpenCVE AI on April 18, 2026 at 02:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://security.tanium.com/TAN-2026-001 cve-icon cve-icon
History

Mon, 09 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Tanium discover
CPEs cpe:2.3:a:tanium:discover:*:*:*:*:*:*:*:*
Vendors & Products Tanium discover

Mon, 02 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Tanium service Asset
CPEs cpe:2.3:a:tanium:service_asset:4.10.133:*:*:*:*:*:*:*
cpe:2.3:a:tanium:service_asset:4.15.129:*:*:*:*:*:*:*
Vendors & Products Tanium service Asset

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Tanium
Tanium tanium
Vendors & Products Tanium
Tanium tanium

Mon, 26 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 26 Jan 2026 18:00:00 +0000

Type Values Removed Values Added
Description Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
Title Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Tanium Discover Service Asset Tanium
cve-icon MITRE

Status: PUBLISHED

Assigner: Tanium

Published:

Updated: 2026-02-02T20:01:38.031Z

Reserved: 2026-01-20T06:50:47.201Z

Link: CVE-2026-1224

cve-icon Vulnrichment

Updated: 2026-01-26T21:05:02.891Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-26T18:16:28.850

Modified: 2026-03-09T18:09:29.650

Link: CVE-2026-1224

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:45:27Z

Weaknesses