Skip to main content

Tanium Server CVE-2026-9156

| EUVDEUVD-2026-32034 MEDIUM
Missing Release of Resource after Effective Lifetime (CWE-772)
2026-05-27 3938794e-25f5-4123-a1ba-5cbd7f104512 GHSA-8987-p6rf-jvmc
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 27, 2026 - 21:41 vuln.today
Patch available
May 27, 2026 - 19:46 EUVD

DescriptionCVE.org

Tanium addressed a denial of service vulnerability in Tanium Server.

AnalysisAI

Authenticated network-accessible denial of service in Tanium Server affects three active release branches, patched in versions 7.6.4.2190, 7.7.3.8274, and 7.8.2.1176. The vulnerability stems from a CWE-772 resource leak - allocated resources are not released after their effective lifetime, enabling a low-privileged authenticated attacker to exhaust server resources. A notable conflict exists in the available data: the CVSS vector reports C:H/I:N/A:N (high confidentiality impact, no availability impact) while the CVE description, ENISA EUVD tags, and vendor advisory title all characterize this as a denial of service; defenders should treat both confidentiality and availability as potentially affected until Tanium clarifies. No public exploit is identified and EPSS is low at 0.03%.

Technical ContextAI

Tanium Server is an enterprise endpoint management and security platform used in large-scale IT environments, often with privileged access to managed endpoints. The root cause is CWE-772 (Missing Release of Resource after Effective Lifetime), a class of resource management flaw where the server allocates memory, file handles, or connections but fails to free them under certain conditions, leading to progressive exhaustion. Affected CPE-equivalent versions span three maintained branches: 7.6.4.x (prior to 7.6.4.2190), 7.7.3.x (prior to 7.7.3.8274), and 7.8.2.x (prior to 7.8.2.1176) per ENISA EUVD-2026-32034. The CVSS attack vector is Network with Low complexity, meaning the resource leak is triggerable remotely without special conditions beyond holding a low-privilege account on the Tanium Server.

RemediationAI

The primary remediation is to upgrade Tanium Server to the patched builds released by Tanium: version 7.6.4.2190 for the 7.6.4 branch, version 7.7.3.8274 for the 7.7.3 branch, or version 7.8.2.1176 for the 7.8.2 branch. The vendor advisory is available at https://security.tanium.com/TAN-2026-013 and should be consulted for full upgrade instructions and any release notes. If immediate patching is not feasible, a compensating control would be to restrict access to the Tanium Server management interface to a minimal set of known-good, privileged service accounts only, reducing the pool of low-privilege identities that could trigger the resource leak. Additionally, network-level access control lists (ACLs) limiting which subnets can reach the Tanium Server's management ports would reduce the attack surface, though this does not eliminate the vulnerability. Monitor server resource utilization (memory, file handles, thread pools) for anomalous growth as an indicator of exploitation attempts. Note that both the confidentiality and availability implications remain unclear pending full advisory review.

More in Server

View all
CVE-2018-1000881 CRITICAL POC
9.8 Dec 20

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injectio

CVE-2026-60104 CRITICAL POC
9.3 Jul 08

Account takeover in self-hosted Bitwarden Server before 2026.6.0 lets a low-privileged organization member steal any oth

CVE-2026-43639 HIGH POC
8.9 May 11

Provider service users in Bitwarden Server Cloud can hijack arbitrary organizations via unauthorized API endpoint access

CVE-2021-42973 HIGH POC
8.8 Dec 07

NoMachine Server is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack compl

CVE-2021-42972 HIGH POC
8.8 Dec 07

NoMachine Server is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack comple

CVE-2026-43640 HIGH POC
8.6 May 11

Authentication bypass in Bitwarden Server versions prior to 2026.4.1 allows authenticated users with SCIM management pri

CVE-2019-25609 HIGH POC
8.6 Mar 22

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration fiel

CVE-2023-30223 HIGH POC
7.5 Jun 16

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to sen

CVE-2023-30222 HIGH POC
7.5 Jun 16

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to

CVE-2026-57520 HIGH POC
7.1 Jun 25

Privilege escalation in self-hosted Bitwarden Server before 2026.5.0 lets an authenticated organization member holding a

CVE-2017-7855 MEDIUM POC
6.1 Aug 31

In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" paramet

CVE-2022-39395 CRITICAL
9.9 Nov 10

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated critical se

Share

CVE-2026-9156 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy