Refine your search
52 vulnerabilities found for by Tanium
CVE-2026-9208 (GCVE-0-2026-9208)
Vulnerability from cvelistv5
Published
2026-05-27 20:59
Modified
2026-05-28 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Tanium addressed an unauthorized code execution vulnerability in Connect.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:22:21.390236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:22:32.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Connect",
"vendor": "Tanium",
"versions": [
{
"lessThan": "5.26.191",
"status": "affected",
"version": "5.26",
"versionType": "custom"
},
{
"lessThan": "5.29.237",
"status": "affected",
"version": "5.29",
"versionType": "custom"
},
{
"lessThan": "5.37.140",
"status": "affected",
"version": "5.37",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-05-21T16:49:31.914Z",
"datePublic": "2026-05-27T20:59:31.374Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Connect."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T20:59:43.199Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-015",
"url": "https://security.tanium.com/TAN-2026-015"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Connect."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-9208",
"datePublished": "2026-05-27T20:59:43.199Z",
"dateReserved": "2026-05-21T16:49:32.433Z",
"dateUpdated": "2026-05-28T13:22:32.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9207 (GCVE-0-2026-9207)
Vulnerability from cvelistv5
Published
2026-05-27 01:19
Modified
2026-05-27 14:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Tanium addressed an unauthorized code execution vulnerability in Connect.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T13:50:58.138797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:51:16.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Connect",
"vendor": "Tanium",
"versions": [
{
"lessThan": "5.26.191",
"status": "affected",
"version": "5.26",
"versionType": "custom"
},
{
"lessThan": "5.29.237",
"status": "affected",
"version": "5.29",
"versionType": "custom"
},
{
"lessThan": "5.37.140",
"status": "affected",
"version": "5.37",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-05-21T16:46:15.094Z",
"datePublic": "2026-05-27T01:19:08.632Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Connect."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:07:47.038Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-014",
"url": "https://security.tanium.com/TAN-2026-014"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Connect."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-9207",
"datePublished": "2026-05-27T01:19:26.555Z",
"dateReserved": "2026-05-21T16:46:15.651Z",
"dateUpdated": "2026-05-27T14:07:47.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9156 (GCVE-0-2026-9156)
Vulnerability from cvelistv5
Published
2026-05-27 01:19
Modified
2026-05-27 13:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Summary
Tanium addressed a denial of service vulnerability in Tanium Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Version: 7.6.4.0 < 7.6.4.2190 Version: 7.7.3.0 < 7.7.3.8274 Version: 7.8.2.0 < 7.8.2.1176 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T13:50:31.230808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:50:44.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.6.4.2190",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
},
{
"lessThan": "7.7.3.8274",
"status": "affected",
"version": "7.7.3.0",
"versionType": "custom"
},
{
"lessThan": "7.8.2.1176",
"status": "affected",
"version": "7.8.2.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-05-21T01:21:37.531Z",
"datePublic": "2026-05-27T01:19:03.729Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a denial of service vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:19:26.286Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-013",
"url": "https://security.tanium.com/TAN-2026-013"
}
],
"title": "Tanium addressed a denial of service vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-9156",
"datePublished": "2026-05-27T01:19:26.286Z",
"dateReserved": "2026-05-21T01:21:38.154Z",
"dateUpdated": "2026-05-27T13:50:44.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6408 (GCVE-0-2026-6408)
Vulnerability from cvelistv5
Published
2026-04-22 01:46
Modified
2026-04-22 12:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
Tanium addressed an information disclosure vulnerability in Tanium Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Version: 7.6.4.0 < 7.6.4.2185 Version: 7.7.3.0 < 7.7.3.8266 Version: 7.8.2.0 < 7.8.2.1168 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T12:48:18.544819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T12:49:39.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.6.4.2185",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
},
{
"lessThan": "7.7.3.8266",
"status": "affected",
"version": "7.7.3.0",
"versionType": "custom"
},
{
"lessThan": "7.8.2.1168",
"status": "affected",
"version": "7.8.2.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-04-15T21:51:17.273Z",
"datePublic": "2026-04-22T01:46:17.259Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T01:46:40.653Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-012",
"url": "https://security.tanium.com/TAN-2026-012"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-6408",
"datePublished": "2026-04-22T01:46:40.653Z",
"dateReserved": "2026-04-15T21:51:17.871Z",
"dateUpdated": "2026-04-22T12:49:39.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6392 (GCVE-0-2026-6392)
Vulnerability from cvelistv5
Published
2026-04-22 01:46
Modified
2026-04-22 12:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Version: 4.6.0 < 4.6.577 Version: 4.9.0 < 4.9.379 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T12:54:38.845263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T12:54:52.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.6.577",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.379",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-04-15T20:04:30.169Z",
"datePublic": "2026-04-22T01:46:13.287Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T01:46:29.651Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-011",
"url": "https://security.tanium.com/TAN-2026-011"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-6392",
"datePublished": "2026-04-22T01:46:29.651Z",
"dateReserved": "2026-04-15T20:04:30.751Z",
"dateUpdated": "2026-04-22T12:54:52.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6416 (GCVE-0-2026-6416)
Vulnerability from cvelistv5
Published
2026-04-22 01:46
Modified
2026-04-22 12:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T12:57:48.199961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T12:57:59.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_interact:3.2.196:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_interact:3.5.102:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_interact:3.8.46:*:*:*:*:*:*:*"
],
"product": "Interact",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.2.202",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.5.108",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
},
{
"lessThan": "3.8.47",
"status": "affected",
"version": "3.8.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric Bester"
}
],
"dateAssigned": "2026-04-15T23:55:39.195Z",
"datePublic": "2026-04-22T01:46:08.322Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T01:46:19.376Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-010",
"url": "https://security.tanium.com/TAN-2026-010"
}
],
"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-6416",
"datePublished": "2026-04-22T01:46:19.376Z",
"dateReserved": "2026-04-15T23:55:39.808Z",
"dateUpdated": "2026-04-22T12:57:59.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2350 (GCVE-0-2026-2350)
Vulnerability from cvelistv5
Published
2026-02-19 23:10
Modified
2026-03-02 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:41:02.790036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:50:27.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*"
],
"product": "Interact",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.2.196",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.5.102",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*"
],
"product": "TDS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.1.257",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-11T16:04:36.295Z",
"datePublic": "2026-02-19T23:10:05.500Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:14:23.480Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-008",
"url": "https://security.tanium.com/TAN-2026-008"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2350",
"datePublished": "2026-02-19T23:10:33.951Z",
"dateReserved": "2026-02-11T16:04:36.872Z",
"dateUpdated": "2026-03-02T15:50:27.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1292 (GCVE-0-2026-1292)
Vulnerability from cvelistv5
Published
2026-02-19 23:10
Modified
2026-03-02 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:50:37.988052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:50:54.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_trends:3.10.19:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_trends:3.11.77:*:*:*:*:*:*:*"
],
"product": "Trends",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.10.20",
"status": "affected",
"version": "3.10.0",
"versionType": "custom"
},
{
"lessThan": "3.11.79",
"status": "affected",
"version": "3.11.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-01-21T16:30:45.079Z",
"datePublic": "2026-02-19T23:09:55.630Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:10:23.372Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-007",
"url": "https://security.tanium.com/TAN-2026-007"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-1292",
"datePublished": "2026-02-19T23:10:23.372Z",
"dateReserved": "2026-01-21T16:30:45.783Z",
"dateUpdated": "2026-03-02T15:50:54.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2605 (GCVE-0-2026-2605)
Vulnerability from cvelistv5
Published
2026-02-19 23:10
Modified
2026-03-02 15:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:51:21.997907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:51:41.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0249",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0282",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
},
{
"lessThan": "1.8.6.0150",
"status": "affected",
"version": "1.8.6",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-16T21:37:14.785Z",
"datePublic": "2026-02-19T23:09:49.159Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:13:38.465Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-006",
"url": "https://security.tanium.com/TAN-2026-006"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2605",
"datePublished": "2026-02-19T23:10:02.867Z",
"dateReserved": "2026-02-16T21:37:15.555Z",
"dateUpdated": "2026-03-02T15:51:41.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2408 (GCVE-0-2026-2408)
Vulnerability from cvelistv5
Published
2026-02-19 23:09
Modified
2026-03-02 15:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Cloud Workloads |
Version: 1.0.222 < 1.0.222 cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:54:55.216169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:55:09.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:*"
],
"product": "Cloud Workloads",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.0.222",
"status": "affected",
"version": "1.0.222",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-12T13:49:48.721Z",
"datePublic": "2026-02-19T23:09:40.352Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:09:51.620Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-005",
"url": "https://security.tanium.com/TAN-2026-005"
}
],
"title": "Use-after-free in Cloud Workloads"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2408",
"datePublished": "2026-02-19T23:09:51.620Z",
"dateReserved": "2026-02-12T13:49:49.307Z",
"dateUpdated": "2026-03-02T15:55:09.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2435 (GCVE-0-2026-2435)
Vulnerability from cvelistv5
Published
2026-02-19 23:09
Modified
2026-03-02 15:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Tanium addressed a SQL injection vulnerability in Asset.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:55:19.435641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:55:43.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_asset:1.32.178:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_asset:1.33.268:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_asset:1.36.107:*:*:*:*:*:*:*"
],
"product": "Asset",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.32.179",
"status": "affected",
"version": "1.32",
"versionType": "custom"
},
{
"lessThan": "1.33.269",
"status": "affected",
"version": "1.33",
"versionType": "custom"
},
{
"lessThan": "1.36.108",
"status": "affected",
"version": "1.36",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-12T22:26:04.213Z",
"datePublic": "2026-02-19T23:09:30.641Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a SQL injection vulnerability in Asset."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:09:41.110Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-004",
"url": "https://security.tanium.com/TAN-2026-004"
}
],
"title": "ASSET-7706"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2435",
"datePublished": "2026-02-19T23:09:41.110Z",
"dateReserved": "2026-02-12T22:26:04.828Z",
"dateUpdated": "2026-03-02T15:55:43.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1344 (GCVE-0-2026-1344)
Vulnerability from cvelistv5
Published
2026-02-17 23:43
Modified
2026-02-18 13:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Enforce Recovery Key Portal |
Version: 1.0.0 < 1.62.5 cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T13:40:38.287908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T13:41:49.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:*"
],
"product": "Enforce Recovery Key Portal",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.62.5",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-01-22T16:16:38.364Z",
"datePublic": "2026-02-17T23:43:20.540Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T23:43:30.432Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-003",
"url": "https://security.tanium.com/TAN-2026-003"
}
],
"title": "Insecure file permissions in Enforce Recovery Key Portal"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-1344",
"datePublished": "2026-02-17T23:43:30.432Z",
"dateReserved": "2026-01-22T16:16:38.983Z",
"dateUpdated": "2026-02-18T13:41:49.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15314 (GCVE-0-2025-15314)
Vulnerability from cvelistv5
Published
2026-02-09 23:05
Modified
2026-02-10 20:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | end-user-cx |
Version: 1.4.0 < 1.4.1175 Version: 1.6.0 < 1.6.926 Version: 1.8.0 < 1.8.21 cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:18:17.474330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:18:24.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:*"
],
"product": "end-user-cx",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.4.1175",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
},
{
"lessThan": "1.6.926",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
},
{
"lessThan": "1.8.21",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:54.705Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:06:46.478Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-010",
"url": "https://security.tanium.com/TAN-2025-010"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15314",
"datePublished": "2026-02-09T23:05:16.503Z",
"dateReserved": "2025-12-29T23:12:54.874Z",
"dateUpdated": "2026-02-10T20:18:24.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15313 (GCVE-0-2025-15313)
Vulnerability from cvelistv5
Published
2026-02-09 23:05
Modified
2026-02-10 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium EUSS |
Version: 1.17.0 < 1.17.41 Version: 1.18.0 < 1.18.28 cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:17:52.390755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:17:58.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:*"
],
"product": "Tanium EUSS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.17.41",
"status": "affected",
"version": "1.17.0",
"versionType": "custom"
},
{
"lessThan": "1.18.28",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.970Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:09:09.849Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-010",
"url": "https://security.tanium.com/TAN-2025-010"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15313",
"datePublished": "2026-02-09T23:05:16.158Z",
"dateReserved": "2025-12-29T23:12:54.257Z",
"dateUpdated": "2026-02-10T20:17:58.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15310 (GCVE-0-2025-15310)
Vulnerability from cvelistv5
Published
2026-02-09 23:00
Modified
2026-02-10 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Patch Endpoint Tools |
Version: 3.17.0 < 3.17.10195 Version: 10.1.0 < 10.1.33 Version: 10.2.0 < 10.2.22 cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:17:22.301449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:17:29.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:*"
],
"product": "Patch Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.10195",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "10.1.33",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"lessThan": "10.2.22",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Magic"
}
],
"dateAssigned": "2025-12-29T23:12:52.295Z",
"datePublic": "2025-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:11:05.748Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-001",
"url": "https://security.tanium.com/TAN-2025-001"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15310",
"datePublished": "2026-02-09T23:00:51.789Z",
"dateReserved": "2025-12-29T23:12:52.477Z",
"dateUpdated": "2026-02-10T20:17:29.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15318 (GCVE-0-2025-15318)
Vulnerability from cvelistv5
Published
2026-02-09 22:56
Modified
2026-02-10 21:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | End-User Notifications Endpoint Tools |
Version: 1.18.0 < 1.18.10079 Version: 10.0.0 < 10.0.14 Version: 10.1.0 < 10.1.20 cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T21:21:53.649467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T21:22:00.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:*"
],
"product": "End-User Notifications Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.18.10079",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
},
{
"lessThan": "10.0.14",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThan": "10.1.20",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:57.784Z",
"datePublic": "2025-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:11:46.729Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-017",
"url": "https://security.tanium.com/TAN-2025-017"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15318",
"datePublished": "2026-02-09T22:56:27.343Z",
"dateReserved": "2025-12-29T23:12:57.929Z",
"dateUpdated": "2026-02-10T21:22:00.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15319 (GCVE-0-2025-15319)
Vulnerability from cvelistv5
Published
2026-02-09 22:52
Modified
2026-02-10 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Patch Endpoint Tools |
Version: 3.17.0 < 3.17.10207 Version: 10.1.0 < 10.1.50 Version: 10.7.0 < 10.7.25 Version: 10.9.0 < 10.9.31 Version: 10.11.0 < 10.11.27 cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T21:21:32.326259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T21:21:40.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:*"
],
"product": "Patch Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.10207",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "10.1.50",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"lessThan": "10.7.25",
"status": "affected",
"version": "10.7.0",
"versionType": "custom"
},
{
"lessThan": "10.9.31",
"status": "affected",
"version": "10.9.0",
"versionType": "custom"
},
{
"lessThan": "10.11.27",
"status": "affected",
"version": "10.11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Owen Jeanes"
}
],
"dateAssigned": "2025-12-29T23:12:58.700Z",
"datePublic": "2025-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:09:49.225Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-021",
"url": "https://security.tanium.com/TAN-2025-021"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15319",
"datePublished": "2026-02-09T22:52:32.693Z",
"dateReserved": "2025-12-29T23:12:58.866Z",
"dateUpdated": "2026-02-10T21:21:40.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15315 (GCVE-0-2025-15315)
Vulnerability from cvelistv5
Published
2026-02-09 21:48
Modified
2026-02-10 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Module Server |
Version: 7.5.6.0 < 7.5.6.1161 Version: 7.4.6.0 < 7.4.6.1151 Version: 7.6.2.0 < 7.6.2.1293 Version: 7.6.4.0 < 7.6.4.2114 cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:58:41.692979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:59:35.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:*"
],
"product": "Tanium Module Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.5.6.1161",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.4.6.1151",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1293",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2114",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:55.398Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:48:49.693Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-011",
"url": "https://security.tanium.com/TAN-2025-011"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15315",
"datePublished": "2026-02-09T21:48:49.693Z",
"dateReserved": "2025-12-29T23:12:55.559Z",
"dateUpdated": "2026-02-10T16:59:35.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15316 (GCVE-0-2025-15316)
Vulnerability from cvelistv5
Published
2026-02-09 21:48
Modified
2026-02-10 15:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Version: 7.4.6.0 < 7.4.6.1151 Version: 7.5.6.0 < 7.5.6.1161 Version: 7.6.2.0 < 7.6.2.1293 Version: 7.6.4.0 < 7.6.4.2114 cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:58:59.416693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:59:23.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:*"
],
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.4.6.1151",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.5.6.1161",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1293",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2114",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:56.161Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:48:49.471Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-011",
"url": "https://security.tanium.com/TAN-2025-011"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15316",
"datePublished": "2026-02-09T21:48:49.471Z",
"dateReserved": "2025-12-29T23:12:56.327Z",
"dateUpdated": "2026-02-10T15:59:23.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15317 (GCVE-0-2025-15317)
Vulnerability from cvelistv5
Published
2026-02-09 21:43
Modified
2026-02-10 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Version: 7.4.6.0 < 7.4.6.1154 Version: 7.5.6.0 < 7.5.6.1164 Version: 7.6.2.0 < 7.6.2.1303 Version: 7.6.4.0 < 7.6.4.2124 cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:00:52.783721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:34.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:*"
],
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.4.6.1154",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.5.6.1164",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1303",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2124",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:56.967Z",
"datePublic": "2025-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:43:41.258Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-013",
"url": "https://security.tanium.com/TAN-2025-013"
}
],
"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15317",
"datePublished": "2026-02-09T21:43:41.258Z",
"dateReserved": "2025-12-29T23:12:57.132Z",
"dateUpdated": "2026-02-10T16:01:34.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15320 (GCVE-0-2025-15320)
Vulnerability from cvelistv5
Published
2026-02-06 19:18
Modified
2026-02-06 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-605 - Multiple Binds to the Same Port
Summary
Tanium addressed a denial of service vulnerability in Tanium Client.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Client |
Version: 7.6.2.0 < 7.6.2.1327 Version: 7.6.4.0 < 7.6.4.2160 Version: 7.7.3.0 < 7.7.3.8231 Version: 7.4.10.0 < 7.4.10.1118 cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:40:12.881671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:40:46.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:*"
],
"product": "Tanium Client",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.6.2.1327",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2160",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
},
{
"lessThan": "7.7.3.8231",
"status": "affected",
"version": "7.7.3.0",
"versionType": "custom"
},
{
"lessThan": "7.4.10.1118",
"status": "affected",
"version": "7.4.10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:12:59.718Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a denial of service vulnerability in Tanium Client."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-605",
"description": "Multiple Binds to the Same Port",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:18:13.493Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-023",
"url": "https://security.tanium.com/TAN-2025-023"
}
],
"title": "Tanium addressed a denial of service vulnerability in Tanium Client."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15320",
"datePublished": "2026-02-06T19:18:13.493Z",
"dateReserved": "2025-12-29T23:12:59.888Z",
"dateUpdated": "2026-02-06T19:40:46.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15311 (GCVE-0-2025-15311)
Vulnerability from cvelistv5
Published
2026-02-05 18:26
Modified
2026-02-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Version: 1.8.3.0 < 1.8.3.0146 Version: 1.8.4.0 < 1.8.4.0149 Version: 1.8.5.0 < 1.8.5.0212 cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:01:19.848854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:01:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0149",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0212",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:52.865Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:23.251Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-002",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15311",
"datePublished": "2026-02-05T18:26:23.251Z",
"dateReserved": "2025-12-29T23:12:53.054Z",
"dateUpdated": "2026-02-06T19:01:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15312 (GCVE-0-2025-15312)
Vulnerability from cvelistv5
Published
2026-02-05 18:26
Modified
2026-02-06 19:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Version: 1.8.3.0 < 1.8.3.0146 Version: 1.8.4.0 < 1.8.4.0157 cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:02:02.740803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:02:11.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0157",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.375Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:06.378Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-003",
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15312",
"datePublished": "2026-02-05T18:26:06.378Z",
"dateReserved": "2025-12-29T23:12:53.559Z",
"dateUpdated": "2026-02-06T19:02:11.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15324 (GCVE-0-2025-15324)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed a documentation issue in Engage.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:03:35.009129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:03:42.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_engage:1.3.36:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_engage:1.6.192:*:*:*:*:*:*:*"
],
"product": "Engage",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.3.37",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
},
{
"lessThan": "1.6.193",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:03.546Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a documentation issue in Engage."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:52.474Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-004",
"url": "https://security.tanium.com/TAN-2025-004"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Engage."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15324",
"datePublished": "2026-02-05T18:25:52.474Z",
"dateReserved": "2025-12-29T23:13:03.776Z",
"dateUpdated": "2026-02-06T19:03:42.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15325 (GCVE-0-2025-15325)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Tanium addressed an improper input validation vulnerability in Discover.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:04:36.861254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:04:45.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_discover:4.10.89:*:*:*:*:*:*:*"
],
"product": "Discover",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.10.90",
"status": "affected",
"version": "4.10.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:04.660Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Discover."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:29.908Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-005",
"url": "https://security.tanium.com/TAN-2025-005"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Discover."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15325",
"datePublished": "2026-02-05T18:25:29.908Z",
"dateReserved": "2025-12-29T23:13:04.840Z",
"dateUpdated": "2026-02-06T19:04:45.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15326 (GCVE-0-2025-15326)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Tanium addressed an improper access controls vulnerability in Patch.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:07:15.349117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:07:24.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_patch:3.17.2261:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_patch:3.19.194:*:*:*:*:*:*:*"
],
"product": "Patch",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.2262",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "3.19.195",
"status": "affected",
"version": "3.19.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:29.639Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper access controls vulnerability in Patch."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:11.487Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-006",
"url": "https://security.tanium.com/TAN-2025-006"
}
],
"title": "Tanium addressed an improper access controls vulnerability in Patch."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15326",
"datePublished": "2026-02-05T18:25:11.487Z",
"dateReserved": "2025-12-29T23:13:29.803Z",
"dateUpdated": "2026-02-06T19:07:24.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15327 (GCVE-0-2025-15327)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Tanium addressed an improper access controls vulnerability in Deploy.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:10:10.675713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:10:18.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_deploy:2.26.1252:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_deploy:2.30.149:*:*:*:*:*:*:*"
],
"product": "Deploy",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.26.1253",
"status": "affected",
"version": "2.26.0",
"versionType": "custom"
},
{
"lessThan": "2.30.150",
"status": "affected",
"version": "2.30.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:29.851Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper access controls vulnerability in Deploy."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:11.258Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-006",
"url": "https://security.tanium.com/TAN-2025-006"
}
],
"title": "Tanium addressed an improper access controls vulnerability in Deploy."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15327",
"datePublished": "2026-02-05T18:25:11.258Z",
"dateReserved": "2025-12-29T23:13:30.151Z",
"dateUpdated": "2026-02-06T19:10:18.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15328 (GCVE-0-2025-15328)
Vulnerability from cvelistv5
Published
2026-02-05 18:24
Modified
2026-02-06 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an improper link resolution before file access vulnerability in Enforce.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:12:46.298503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:12:54.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_enforce:2.7.313:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_enforce:2.8.543:*:*:*:*:*:*:*"
],
"product": "Enforce",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.7.314",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
},
{
"lessThan": "2.8.544",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.169Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:24:42.534Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-007",
"url": "https://security.tanium.com/TAN-2025-007"
}
],
"title": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15328",
"datePublished": "2026-02-05T18:24:42.534Z",
"dateReserved": "2025-12-29T23:13:30.399Z",
"dateUpdated": "2026-02-06T19:12:54.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15330 (GCVE-0-2025-15330)
Vulnerability from cvelistv5
Published
2026-02-05 18:24
Modified
2026-02-06 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Tanium addressed an improper input validation vulnerability in Deploy.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:13:20.790327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:13:31.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_deploy:2.26.1278:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_deploy:2.30.174:*:*:*:*:*:*:*"
],
"product": "Deploy",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.26.1279",
"status": "affected",
"version": "2.26.0",
"versionType": "custom"
},
{
"lessThan": "2.30.175",
"status": "affected",
"version": "2.30.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.875Z",
"datePublic": "2025-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Deploy."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:24:27.066Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-012",
"url": "https://security.tanium.com/TAN-2025-012"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Deploy."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15330",
"datePublished": "2026-02-05T18:24:27.066Z",
"dateReserved": "2025-12-29T23:13:31.023Z",
"dateUpdated": "2026-02-06T19:13:31.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15331 (GCVE-0-2025-15331)
Vulnerability from cvelistv5
Published
2026-02-05 18:23
Modified
2026-02-06 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-459 - Incomplete Cleanup
Summary
Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:14:45.363886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:14:52.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_connect:5.22.99:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_connect:5.26.86:*:*:*:*:*:*:*"
],
"product": "Connect",
"vendor": "Tanium",
"versions": [
{
"lessThan": "5.22.100",
"status": "affected",
"version": "5.22.0",
"versionType": "custom"
},
{
"lessThan": "5.26.87",
"status": "affected",
"version": "5.26.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:31.267Z",
"datePublic": "2025-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an uncontrolled resource consumption vulnerability in Connect."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:23:51.939Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-015",
"url": "https://security.tanium.com/TAN-2025-015"
}
],
"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Connect."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15331",
"datePublished": "2026-02-05T18:23:51.939Z",
"dateReserved": "2025-12-29T23:13:31.408Z",
"dateUpdated": "2026-02-06T19:14:52.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}