Skip to content

TAN-2026-012

Tanium addressed an information disclosure vulnerability in Tanium Server.

Severity: Low

Base Score: 2.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Impact

This vulnerability could allow an authenticated Tanium user with the Administrator role or "Write Downloader Authentication" permission to retrieve credentials used for remote source download authentication.

Products Affected

2024H2 Release:

  • Tanium Server prior to Update 23 (v7.6.4.2185)

2025H1 Release:

  • Tanium Server prior to Update 17 (v7.7.3.8266)

2025H2 Release:

  • Tanium Server prior to Update 7 (v7.8.2.1168)

Available Updates

2024H2 Release:

  • Update 23 (Tanium Server v7.6.4.2185) and later

2025H1 Release:

  • Update 17 (Tanium Server v7.7.3.8266) and later

2025H2 Release:

  • Update 7 (Tanium Server v7.8.2.1168) and later

In addition to updating the impacted software, consider rotating any credentials that may have been compromised by a Tanium user with the Administrator role or "Write Downloader Authentication" permission.

Workaround and Mitigations

None.

Acknowledgements

None.