TAN-2026-008

Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.

Severity: Medium

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact

This vulnerability could allow an attacker with access to TDS logs to gain read access to sensitive data including sessions and API tokens.

Products Affected

2024H2 Release:

  • Interact prior to Update 21 (v3.2.0 to v3.2.196)

2025H1 Release:

  • Interact prior to Update 14 (v3.5.0 to v3.5.102)

2025H2 Release:

  • TDS prior to Update 5 (v4.1.0 to v4.1.257)

Available Updates

2024H2 Release:

  • Update 21 (Interact v3.2.196) and later

2025H1 Release:

  • Update 14 (Interact v3.5.102) and later

2025H2 Release:

  • Update 5 (TDS v4.1.257) and later

Tanium On-prem users may take the following actions, in addition to upgrading Interact/TDS, if they believe their TDS logs could have been accessed by an unauthorized party:

  • Rotate the credentials for the TDS service account.

  • Stop the Tanium Server service for 10 minutes, or the duration of the session timeout, to ensure that all existing sessions are invalidated. Customers with an active-active deployment should stop the Tanium Server service on both servers concurrently.

  • Review TDS logs for the token- pattern and rotate any API token that was erroneously logged.
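
One way to carry out the log review step above, as an added example that is not Tanium's code: it scans log lines for the token- pattern and reports a SHA-256 fingerprint per distinct token, so the review output does not copy the secrets a second time. The token body regex, the function names and the sample lines are assumptions constructed for illustration; log file paths are passed on the command line.

```python
import hashlib
import re
import sys
from collections import defaultdict

# Assumption: the advisory gives only the "token-" prefix. The character class
# and minimum body length here are guesses; adjust to your token format.
TOKEN_RE = re.compile(r"token-[A-Za-z0-9_]{8,}")


def fingerprint(token):
    """Short SHA-256 prefix: identifies a token without copying it into a report."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def scan_lines(lines, source, findings=None):
    """Map fingerprint -> [(source, line_no), ...] for every logged token."""
    findings = defaultdict(list) if findings is None else findings
    for line_no, line in enumerate(lines, start=1):
        for match in TOKEN_RE.finditer(line):
            findings[fingerprint(match.group(0))].append((source, line_no))
    return findings


def redact(line):
    """Replace each token with its fingerprint so excerpts can be shared safely."""
    return TOKEN_RE.sub(lambda m: "token-[REDACTED:%s]" % fingerprint(m.group(0)), line)


# Constructed sample lines, not real TDS log output.
SAMPLE = [
    "2026-01-10T09:14:02Z DEBUG request auth=token-0123456789abcdef0123456789abcdef",
    "2026-01-10T09:14:05Z INFO api token- prefix mentioned without a value",
    "2026-01-10T09:15:11Z DEBUG retry auth=token-0123456789abcdef0123456789abcdef",
    "2026-01-10T09:16:40Z DEBUG request auth=token-fedcba9876543210fedcba9876543210",
]

if __name__ == "__main__":
    found = defaultdict(list)
    if sys.argv[1:]:
        for path in sys.argv[1:]:  # log file paths supplied by the operator
            with open(path, errors="replace") as fh:
                scan_lines(fh, path, found)
    else:
        scan_lines(SAMPLE, "constructed-sample", found)
    for fp, hits in sorted(found.items()):
        print(f"token {fp}: {len(hits)} occurrence(s), first at {hits[0][0]}:{hits[0][1]}")
```

Each distinct fingerprint corresponds to one token to rotate; the file and line number point the reviewer to the original entry.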

Tanium Cloud users should rotate all API tokens.

Workaround and Mitigations

None.

Acknowledgements

None.