Description
Tanium addressed an information disclosure vulnerability in Tanium Server.
Published: 2026-04-22
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

This vulnerability allows the disclosure of sensitive information from Tanium Server. The weakness is classified as CWE‑522, indicating that privileged information may be exposed to unauthorized parties.

Affected Systems

The affected product is Tanium Server. No specific version information is provided, so all deployments of Tanium Server may be impacted until an official fix is applied.

Risk and Exploitability

The CVSS score for this issue is 2.7, indicating low severity. No EPSS score is available, so the exploitation probability is unknown. The vulnerability is not listed in CISA KEV, suggesting it is not currently being actively exploited. The likely attack vector is not explicitly documented, but based on the nature of an information disclosure, an attacker would need a level of access that allows them to query the Tanium Server or read its configuration data. Given the low severity and lack of known exploits, the risk to confidentiality is limited, but remediation is still advised to prevent potential data exposure.

Generated by OpenCVE AI on April 22, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Tanium Server patch or upgrade to the latest version
  • Restrict network access to Tanium Server endpoints and enforce least privilege for users
  • Monitor system logs for unusual attempts to access or retrieve configuration data

Generated by OpenCVE AI on April 22, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://security.tanium.com/TAN-2026-012 cve-icon cve-icon
History

Wed, 22 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Tanium
Tanium tanium Server
Vendors & Products Tanium
Tanium tanium Server

Wed, 22 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Description Tanium addressed an information disclosure vulnerability in Tanium Server.
Title Tanium addressed an information disclosure vulnerability in Tanium Server.
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Tanium Tanium Server
cve-icon MITRE

Status: PUBLISHED

Assigner: Tanium

Published:

Updated: 2026-04-22T12:49:39.769Z

Reserved: 2026-04-15T21:51:17.871Z

Link: CVE-2026-6408

cve-icon Vulnrichment

Updated: 2026-04-22T12:49:26.375Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T03:16:01.540

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-6408

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:44:50Z

Weaknesses