What is the CVSS score of CVE-2026-9207?

CVE-2026-9207 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Tanium Connect are affected by CVE-2026-9207?

Tanium Connect versions 5.26, 5.29, and 5.37 contain an OS command injection vulnerability that permits authenticated low-privilege users to execute arbitrary commands and gain full control of…. A patch is available.

How to fix or mitigate CVE-2026-9207?

24 hours: Enumerate all Tanium Connect deployments and identify systems running affected branches (5.26, 5.29, 5.37 below fixed builds). 7 days: Apply vendor-released patch to all identified instances per Tanium advisory. 30 days: Confirm patch deployment across endpoint inventory, review authentication and command execution logs for suspicious activity during exposure window, and document remediation completion.

Tanium Connect CVE-2026-9207

EUVD-2026-32035 HIGH

OS Command Injection (CWE-78)

2026-05-27 3938794e-25f5-4123-a1ba-5cbd7f104512

GHSA-4p47-gj2p-5wr9

RCE Command Injection

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 20:39 vuln.today

Patch available

May 27, 2026 - 19:46 EUVD

DescriptionNVD

Tanium addressed an unauthorized code execution vulnerability in Connect.

AnalysisAI

OS command injection in Tanium Connect lets an authenticated, low-privileged user execute arbitrary commands on the underlying host, yielding full confidentiality, integrity, and availability compromise (CVSS 8.8). The flaw affects Connect branches 5.26, 5.29, and 5.37 below their respective fixed builds and is tagged as RCE/Command Injection. …

RemediationAI

24 hours: Enumerate all Tanium Connect deployments and identify systems running affected branches (5.26, 5.29, 5.37 below fixed builds). 7 days: Apply vendor-released patch to all identified instances per Tanium advisory. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9207 vulnerability details – vuln.today

Back

Tanium Connect CVE-2026-9207

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code