Description
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
Published: 2026-02-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Patch
AI Analysis

Impact

The flaw allows the Interact and TDS components to record sensitive data such as credentials or tokens into log files without sanitization. This loss of confidentiality can expose privileged information to anyone who can read the logs, including administrators and compromised accounts. The weakness is catalogued as a log‑file management issue (CWE‑532) and does not provide direct code execution or denial‑of‑service capabilities, but the leakage of confidential data can compromise system integrity and privacy.

Affected Systems

The vulnerability affects Tanium Interact and Tanium TDS. No specific version ranges are supplied, so all installations of these components should be reviewed and updated when a patch becomes available.

Risk and Exploitability

Rated with a CVSS score of 6.5, the vulnerability is moderately severe but unlikely to be actively exploited, as indicated by an EPSS score of less than 1% and its absence from the CISA KEV catalog. Exploitation would require the attacker to trigger the logging path and obtain access to the log files, meaning privileged or compromised accounts provide the simplest attack vectors. In environments where logs are exposed to wider audiences or stored in insecure locations, the risk is higher, whereas tight log access controls reduce the likelihood of a data leak.

Generated by OpenCVE AI on April 16, 2026 at 16:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch or update for Tanium Interact and Tanium TDS that addresses log‑file sanitization.
  • Restrict logging of sensitive information by configuring the applications to omit passwords, tokens, or other confidential data, or by disabling verbose logging in production environments.
  • Audit existing log files for exposed secrets and rotate credentials, tokens, or keys that may have been inadvertently recorded.
  • Enable monitoring for anomalous log entries that contain sensitive data and establish alerting to detect potential leaks.

History

Mon, 02 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 28 Feb 2026 00:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tanium interact
Tanium tds
Vendors & Products Tanium interact
Tanium tds

Thu, 19 Feb 2026 23:30:00 +0000

Type Values Removed Values Added
Description Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
Title Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
First Time appeared Tanium
Tanium service Interact
Tanium service Tds
Weaknesses CWE-532
CPEs cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*
cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*
cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*
Vendors & Products Tanium
Tanium service Interact
Tanium service Tds
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Tanium

Published:

Updated: 2026-03-02T15:50:27.043Z

Reserved: 2026-02-11T16:04:36.872Z

Link: CVE-2026-2350

Vulnrichment

Updated: 2026-03-02T15:50:17.548Z

NVD

Status: Analyzed

Published: 2026-02-20T00:16:17.780

Modified: 2026-02-27T23:48:19.057

Link: CVE-2026-2350

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T16:45:25Z
