Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Tanium addressed an unauthorized code execution vulnerability in Connect.
AnalysisAI
Unauthorized OS command execution in Tanium Connect allows an attacker holding low-privilege authenticated access to run arbitrary commands on the host, achieving full compromise of confidentiality, integrity, and availability. The CVSS 8.8 (network vector, low complexity, low privileges, no user interaction) reflects an authenticated remote code execution issue rooted in command injection (CWE-78). No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; EPSS data was not provided.
Technical ContextAI
Tanium Connect is the data-export/integration module of the Tanium endpoint management platform, used to forward endpoint and inventory data to external destinations (SIEMs, databases, files, HTTP endpoints). The affected component is identified by CPE cpe:2.3:a:tanium:connect (all versions enumerated). The root-cause class is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), meaning attacker-controlled input reaches an operating-system command interpreter without adequate sanitization, allowing injected commands to execute in the context of the Connect process. The vendor and tags (RCE, Command Injection) corroborate that this is an OS command-injection path leading to code execution.
RemediationAI
Patch available per vendor advisory - apply the fixed Tanium Connect release described in Tanium security advisory TAN-2026-015 (https://security.tanium.com/TAN-2026-015); the exact fixed version was not in the provided data and must be obtained from that advisory. Until patching is complete, reduce exposure by tightening who can authenticate to and configure Connect (the attack requires low-privilege access, so restricting Connect console/configuration permissions to a minimal set of trusted administrators directly limits the attack surface, at the cost of operational flexibility for integration owners), restricting network reachability of the Connect/Tanium server management interfaces to trusted administrative networks, and auditing Connect destination/configuration objects for anomalous or injected command content. Confirm any workaround against TAN-2026-015, as vendor guidance may supersede these compensating controls.
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF)
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect th
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10,
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. Rated medi
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. Rated critical severity (CVSS 10.0), this vulnerabi
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. Rated
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnera
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being inclu
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. Rated criti
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Co
Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve a
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated C
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32667
GHSA-2qj8-f68j-jw3x