Description
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Published: 2026-02-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure via logs
Action: Patch
AI Analysis

Impact

The vulnerability enables the insertion of sensitive information into log files, which can lead to the disclosure of confidential data if the logs are accessed by unauthorized parties. It is classified as an information disclosure flaw consistent with CWE-532. The impact is limited to the potential exposure of whatever data is written to the logs at the time of the incident.

Affected Systems

Affected systems are Tanium TanOS versions 1.8.4.0249, 1.8.5.0282, and 1.8.6.0150.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% reflects a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. No explicit attack vector is disclosed; the risk assessment assumes that the attacker would need sufficient access to alter the logging configuration or trigger a condition that logs the sensitive data.

Generated by OpenCVE AI on April 18, 2026 at 11:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Tanium security patch or upgrade to a non‑affected TanOS version as detailed in Tanium’s advisory (https://security.tanium.com/TAN-2026-006).
  • Modify logging settings to prevent sensitive data from being recorded, following the vendor’s log sanitization guidance.
  • Enable log rotation and enforce strict access controls on log files to reduce the window of exposure for any logged sensitive information.



Advisories

No advisories yet.

References
History

Mon, 02 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*

Thu, 19 Feb 2026 23:30:00 +0000

Type Values Removed Values Added
Description Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Title Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
First Time appeared Tanium
Tanium tanos
Weaknesses CWE-532
CPEs cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*
cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*
cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*
Vendors & Products Tanium
Tanium tanos
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Tanium

Published:

Updated: 2026-03-02T15:51:41.710Z

Reserved: 2026-02-16T21:37:15.555Z

Link: CVE-2026-2605

Vulnrichment

Updated: 2026-03-02T15:51:28.771Z

NVD

Status: Analyzed

Published: 2026-02-20T00:16:18.200

Modified: 2026-02-20T19:33:36.067

Link: CVE-2026-2605

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:45:44Z

Weaknesses