Skip to content

TAN-2026-004

Tanium addressed a SQL injection vulnerability in Asset.

Severity: Medium

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Impact

This vulnerability could allow an authenticated Tanium user with the Asset Report Write permission to read, create, or modify objects in the Asset database that they may otherwise not have access to.

Products Affected

2024H2 Release:

  • Asset prior to Update 21 (v1.32 to v1.32.179)

2025H1 Release:

  • Asset prior to Update 14 (v1.33 to v1.33.269)

2025H2 Release:

  • Asset prior to Update 5 (v1.36 to v1.36.108)

Available Updates

2024H2 Release:

  • Update 21 (Asset v1.32.179) and later

2025H1 Release:

  • Update 14 (Asset v1.33.269) and later

2025H2 Release:

  • Update 5 (Asset v1.36.108) and later

Workaround and Mitigations

None.

Acknowledgements

None.