Description
Tanium addressed an unauthorized code execution vulnerability in Connect.
Published: 2026-05-27
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Tanium Connect allows an attacker to inject operating‑system commands through the Connect interface, resulting in unauthorized code execution. This can give the attacker elevated privileges on the Windows Tanium Module Server, compromising the confidentiality, integrity, and availability of the managed endpoint.

Affected Systems

Products affected are Tanium Connect, which runs on the Windows Tanium Module Server. The issue is specific to this module and does not affect other Tanium components without using the Connect interface.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. The EPSS score is not reported, and the vulnerability is not yet listed in the CISA KEV catalog, but the lack of a low exploitation probability does not diminish the risk, especially if the Connect interface is exposed to untrusted networks. The likely attack vector is remote exploitation via the Connect service, which, if reachable from untrusted hosts, could be used for unauthenticated or low‑privilege attackers to execute commands and elevate privileges.

Generated by OpenCVE AI on May 27, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest Tanium Connect patch or upgrade to a version that addresses the command injection flaw.
  • Restrict network access to the Connect service by limiting connections to trusted hosts or by placing the service behind a firewall or VPN.
  • If a patch cannot be applied immediately, consider disabling the Connect service or removing it from services that are not required for operation until the vulnerability is resolved.

Generated by OpenCVE AI on May 27, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://security.tanium.com/TAN-2026-014 cve-icon cve-icon
History

Thu, 28 May 2026 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:tanium:connect:*:*:*:*:*:*:*:*

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 15:15:00 +0000

Type Values Removed Values Added
Title Command Injection in Connect Allows Privilege Escalation on Windows Tanium Module Server Tanium addressed an unauthorized code execution vulnerability in Connect.

Wed, 27 May 2026 03:45:00 +0000

Type Values Removed Values Added
First Time appeared Tanium
Tanium connect
Vendors & Products Tanium
Tanium connect

Wed, 27 May 2026 02:15:00 +0000

Type Values Removed Values Added
Description Tanium addressed an unauthorized code execution vulnerability in Connect.
Title Command Injection in Connect Allows Privilege Escalation on Windows Tanium Module Server
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Tanium Connect
cve-icon MITRE

Status: PUBLISHED

Assigner: Tanium

Published:

Updated: 2026-05-27T14:07:47.038Z

Reserved: 2026-05-21T16:46:15.651Z

Link: CVE-2026-9207

cve-icon Vulnrichment

Updated: 2026-05-27T13:51:07.271Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T02:16:35.130

Modified: 2026-05-28T13:31:51.413

Link: CVE-2026-9207

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T03:30:06Z

Weaknesses