Description
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Published: 2026-04-22
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Tanium Interact contains an uncontrolled resource consumption flaw (CWE‑400) that allows an attacker to cause the service to allocate excessive system resources. Such over‑consumption can result in degraded performance or a complete denial of service to legitimate users. The vulnerability is confined to the Interact component and does not directly lead to code execution or data exfiltration.

Affected Systems

The affected product is Tanium Interact. Vulnerable releases include versions 3.2.196, 3.5.102 and 3.8.46.

Risk and Exploitability

The CVSS score of 2.7 indicates a low severity risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting low likelihood of widespread exploitation. Based on the nature of the flaw, the attack vector is inferred to be remote or local access to the Interact service where a malicious client can trigger excessive resource usage. The impact is primarily to availability rather than confidentiality or integrity.

Generated by OpenCVE AI on April 22, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and apply the latest Tanium Interact update that contains the resource‑usage fix.
  • Restrict external access to the Interact service using firewall rules or VPNs to limit exposure to potential attackers.
  • Configure application‑level resource limits or enable monitoring to detect abnormal CPU or memory usage patterns.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 04:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tanium interact
Vendors & Products | | Tanium interact

Wed, 22 Apr 2026 02:45:00 +0000

Type | Values Removed | Values Added
Description | | Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Title | | Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
First Time appeared | | Tanium, Tanium service Interact
Weaknesses | | CWE-400
CPEs | | cpe:2.3:a:tanium:service_interact:3.2.196:*:*:*:*:*:*:*, cpe:2.3:a:tanium:service_interact:3.5.102:*:*:*:*:*:*:*, cpe:2.3:a:tanium:service_interact:3.8.46:*:*:*:*:*:*:*
Vendors & Products | | Tanium, Tanium service Interact
References | |
Metrics | | cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Tanium

Published:

Updated: 2026-04-22T12:57:59.571Z

Reserved: 2026-04-15T23:55:39.808Z

Link: CVE-2026-6416

Vulnrichment

Updated: 2026-04-22T12:57:53.593Z

NVD

Status: Received

Published: 2026-04-22T03:16:01.643

Modified: 2026-04-22T03:16:01.643

Link: CVE-2026-6416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T04:30:05Z
