Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
6DescriptionCVE.org
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
AnalysisAI
Uncontrolled resource consumption in Tanium Interact allows authenticated high-privilege administrators to trigger a denial of service condition through network-accessible endpoints. The vulnerability requires high-level administrative privileges (PR:H) and produces only availability impact with no confidentiality or integrity compromise. CVSS base score of 2.7 reflects the severe privilege barrier and limited impact scope.
Technical ContextAI
Tanium Interact is a platform for endpoint management and orchestration. The vulnerability involves CWE-400 (uncontrolled resource consumption), a weakness where the application fails to properly limit resource allocation in response to requests. This typically manifests as insufficient input validation or rate limiting on resource-intensive operations accessible through network interfaces. The affected product uses CPE cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*, indicating the vulnerability affects multiple versions of the Interact product line. Network-accessible endpoints (AV:N) combined with resource consumption flaws suggest the vulnerability may involve API endpoints, daemon services, or management interfaces exposed to network traffic.
RemediationAI
Consult Tanium security advisory TAN-2026-010 at https://security.tanium.com/TAN-2026-010 for the specific patched version applicable to your deployment. Apply the vendor-released patch to all affected Tanium Interact instances once released versions are identified. Interim mitigation strategies include restricting network access to Interact management interfaces to trusted administrative networks only (network segmentation), implementing rate limiting on resource-intensive API endpoints if configurable within Interact administration panels, and monitoring resource consumption metrics (CPU, memory, disk) for anomalous spikes that could indicate exploitation attempts. These compensating controls preserve functionality while reducing the attack surface but do not address the underlying resource consumption flaw; patching remains the primary remediation path.
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execut
Tanium Interact logs sensitive information that authenticated users can access, potentially exposing confidential data t
The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulne
Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a
Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]
Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24597
GHSA-7fxx-2q9x-8wqf