Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
6DescriptionCVE.org
Tanium addressed an information disclosure vulnerability in Tanium Server.
AnalysisAI
Tanium Server allows high-privileged authenticated users to disclose sensitive information through an unspecified network-accessible mechanism. The vulnerability requires administrative or equivalent privileges and carries a low CVSS score (2.7) reflecting limited impact to confidentiality with no integrity or availability consequences. No active exploitation or public proof-of-concept has been identified.
Technical ContextAI
CWE-522 (Insufficiently Protected Credentials) indicates the vulnerability involves inadequate protection of sensitive authentication or configuration data. The CVSS vector (AV:N/AC:L/PR:H/UI:N/S:U) shows network-accessible attack surface with low attack complexity and high privilege requirement, suggesting the flaw exists in an authenticated API, management interface, or privileged endpoint within Tanium Server. The vulnerability is scoped to the affected system only (S:U), meaning no impact to other networked systems.
RemediationAI
Apply the vendor-released patch from Tanium security advisory TAN-2026-012 (https://security.tanium.com/TAN-2026-012) to remediate the credential disclosure. If immediate patching is delayed, restrict administrative console and API access to trusted networks using firewall rules or VPN-gated access, and audit administrative account activity logs for unauthorized credential disclosure. Note that network restriction does not eliminate risk from compromised administrative accounts; patching is the definitive fix.
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24595