Description
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
Published: 2026-02-17
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Insecure file permissions that could allow unauthorized access or modification of sensitive files
Action: Apply Patch
AI Analysis

Impact

CVE-2026-1344 describes an insecure file permissions flaw in Tanium’s Enforce Recovery Key Portal, identified as CWE‑732. The incorrect assignment of file permissions could allow an attacker or compromised account to read, modify, or delete files that should be protected, leading to potential compromise of system data and configuration and undermining the integrity and confidentiality of sensitive information.

Affected Systems

The vulnerable component is Tanium’s Enforce Recovery Key Portal; the record lists the service_enforce_recovery-key-portal product at version 1.62.4. The CPE strings also identify the product in general, indicating that any instance of Tanium Enforce Recovery Key Portal may be impacted; no other product versions are listed.

Risk and Exploitability

The CVSS score of 6.5 signals medium severity, and the EPSS score of < 1% indicates that, as of the latest data, the likelihood of exploitation is low. The CVE is not on the CISA KEV list. An attacker would need access to the system hosting the portal, or an authenticated user account with sufficient privileges, to benefit from the weakened permissions. Because the flaw is an incorrect permission assignment, it can be exploited by simply reading or writing files that should be restricted, which could lead to data exposure or unauthorized configuration changes.

Generated by OpenCVE AI on April 17, 2026 at 18:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of Tanium Enforce Recovery Key Portal that contains the fix for the insecure file permissions issue.
  • Override default file permissions on the portal directories and files to ensure that only privileged accounts can read or write them, following the principles of least privilege.
  • Enable file integrity monitoring and audit logging on the portal to detect any unauthorized access or modification of protected files.


Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tanium enforce Recovery Key Portal |
| CPEs | | cpe:2.3:a:tanium:enforce_recovery_key_portal:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Tanium enforce Recovery Key Portal |

Wed, 18 Feb 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 18 Feb 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. |
| Title | | Insecure file permissions in Enforce Recovery Key Portal |
| First Time appeared | | Tanium; Tanium service Enforce Recovery-key-portal |
| Weaknesses | | CWE-732 |
| CPEs | | cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Tanium; Tanium service Enforce Recovery-key-portal |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: Tanium

Published:

Updated: 2026-02-18T13:41:49.780Z

Reserved: 2026-01-22T16:16:38.983Z

Link: CVE-2026-1344

Vulnrichment

Updated: 2026-02-18T13:40:50.672Z

NVD

Status: Analyzed

Published: 2026-02-18T00:16:18.040

Modified: 2026-03-09T18:05:55.490

Link: CVE-2026-1344

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:00:11Z
