Impact
Tanium reported that certain log files within the Trends component may contain sensitive information that was not meant to be logged, creating a confidentiality risk. The underlying weakness is classified as CWE-532 (Insertion of Sensitive Information into Log File), reflecting that logs should not contain personal or system-sensitive data. When the condition occurs, the affected logs can reveal confidential data to an attacker who can read the files, potentially enabling information disclosure. The vulnerability does not directly affect system integrity or availability, but it permits unauthorized access to data that should remain private.
Affected Systems
The vulnerability impacts Tanium's Trends product, specifically Service Trends releases 3.10.19 and 3.11.77, along with any later releases that exhibit the same logging behavior. End users should check the product version information to confirm the exact version installed in their environment and ensure that they are not running an affected release.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity, while an EPSS score of less than 1% reflects a very low probability of exploitation at the time of analysis. The issue is not cataloged in the CISA KEV list, suggesting no publicly known exploits currently exist. The description does not explicitly document the attack vector; it is inferred that an attacker would need the ability to read the log files or otherwise trigger log writes, which implies either local or remote privilege within the system. Consequently, the risk level remains moderate, but timely mitigation is still required to prevent accidental data leakage.
OpenCVE Enrichment