Skip to content

TAN-2026-006

Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.

Severity: Medium

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact

This vulnerability could allow an attacker with access to TanOS syslog output to obtain the temporary password of a TanOS user whose password was reset. This password is only valid from the time period between the reset and the first successful login of that user.

Products Affected

2024H2 Release:

  • TanOS prior to Update 21 (v1.8.4 to v1.8.4.0249)

2025H1 Release:

  • TanOS prior to Update 14 (v1.8.5 to v1.8.5.0282)

2025H2 Release:

  • TanOS prior to Update 5 (v1.8.6 to v1.8.6.0150)

Available Updates

2024H2 Release:

  • Update 21 (TanOS v1.8.4.0249) and later

2025H1 Release:

  • Update 14 (TanOS v1.8.5.0282) and later

2025H2 Release:

  • Update 5 (TanOS v1.8.6.01503) and later

Workaround and Mitigations

None.

Acknowledgements

None.