Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
6DescriptionCVE.org
Tanium addressed an information disclosure vulnerability in Threat Response.
AnalysisAI
Information disclosure vulnerability in Tanium Threat Response allows high-privileged authenticated users to access sensitive data via network requests. The vulnerability affects all versions of Threat Response and requires administrator-level privileges to exploit, resulting in confidentiality impact with no integrity or availability compromise. No active exploitation has been publicly identified.
Technical ContextAI
The vulnerability is classified as an information disclosure flaw (CWE-200), indicating improper access control or exposure of sensitive information. Tanium Threat Response is a security platform for threat hunting and incident response. The network-accessible nature (AV:N) combined with high privilege requirements (PR:H) suggests the vulnerability exists in an authenticated administrative interface or API endpoint where authorization checks may be insufficient to prevent disclosure of restricted data to high-privileged users. The low complexity (AC:L) indicates the exploitation does not require special conditions beyond authentication.
RemediationAI
Tanium has addressed this vulnerability; refer to security advisory TAN-2026-011 at https://security.tanium.com/TAN-2026-011 for the specific patched version and upgrade instructions. The primary remediation is to update Threat Response to the vendor-released patched version as detailed in the advisory. As an interim compensating control pending patching, restrict administrative access to Threat Response to only necessary personnel and implement network segmentation to limit who can reach the administrative interface, reducing the pool of potential attackers with the required PR:H privilege level. Monitor administrative account activity and API access logs for unusual data retrieval patterns that may indicate exploitation attempts.
More in Threat Response
View allTanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.9 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.9 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24593