Skip to content

TAN-2026-014

Tanium addressed an unauthorized code execution vulnerability in Connect.

Severity: High

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact

This vulnerability could allow an authenticated Tanium user with the Connect Write permission to execute unauthorized code in the context of the Connect service running on the Tanium Module Server.

This vulnerability only impacts customers whose Tanium Module Server is running on Windows.

Products Affected

2024H2 Release:

  • Connect prior to Update 25 (v5.26.191)

2025H1 Release:

  • Connect prior to Update 19 (v5.29.237)

2025H2 Release:

  • Connect prior to Update 9 (v5.37.140)

Available Updates

2024H2 Release:

  • Update 25 (Connect v5.26.191) and later

2025H1 Release:

  • Update 19 (Connect v5.29.237) and later

2025H2 Release:

  • Update 9 (Connect v5.37.140) and later

2026H1 Release:

  • Update 0 (Connect v5.47.95) and later

Workaround and Mitigations

None.

Acknowledgements

None.