Skip to main content

Tanium Connect CVE-2026-9208

| EUVDEUVD-2026-32667 HIGH
OS Command Injection (CWE-78)
2026-05-27 Tanium GHSA-2qj8-f68j-jw3x
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 27, 2026 - 23:03 EUVD
Analysis Generated
May 27, 2026 - 22:01 vuln.today

DescriptionCVE.org

Tanium addressed an unauthorized code execution vulnerability in Connect.

AnalysisAI

Unauthorized OS command execution in Tanium Connect allows an attacker holding low-privilege authenticated access to run arbitrary commands on the host, achieving full compromise of confidentiality, integrity, and availability. The CVSS 8.8 (network vector, low complexity, low privileges, no user interaction) reflects an authenticated remote code execution issue rooted in command injection (CWE-78). No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; EPSS data was not provided.

Technical ContextAI

Tanium Connect is the data-export/integration module of the Tanium endpoint management platform, used to forward endpoint and inventory data to external destinations (SIEMs, databases, files, HTTP endpoints). The affected component is identified by CPE cpe:2.3:a:tanium:connect (all versions enumerated). The root-cause class is CWE-78 (Improper Neutralization of Special Elements used in an OS Command), meaning attacker-controlled input reaches an operating-system command interpreter without adequate sanitization, allowing injected commands to execute in the context of the Connect process. The vendor and tags (RCE, Command Injection) corroborate that this is an OS command-injection path leading to code execution.

RemediationAI

Patch available per vendor advisory - apply the fixed Tanium Connect release described in Tanium security advisory TAN-2026-015 (https://security.tanium.com/TAN-2026-015); the exact fixed version was not in the provided data and must be obtained from that advisory. Until patching is complete, reduce exposure by tightening who can authenticate to and configure Connect (the attack requires low-privilege access, so restricting Connect console/configuration permissions to a minimal set of trusted administrators directly limits the attack surface, at the cost of operational flexibility for integration owners), restricting network reachability of the Connect/Tanium server management interfaces to trusted administrative networks, and auditing Connect destination/configuration objects for anomalous or injected command content. Confirm any workaround against TAN-2026-015, as vendor guidance may supersede these compensating controls.

CVE-2021-26715 CRITICAL POC
9.1 Mar 25

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF)

CVE-2021-27582 CRITICAL POC
9.1 Feb 23

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect th

CVE-2020-9442 HIGH POC
7.8 Feb 28

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10,

CVE-2016-7851 MEDIUM POC
6.1 Nov 08

Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. Rated medi

CVE-2017-11291 CRITICAL
10.0 Dec 09

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. Rated critical severity (CVSS 10.0), this vulnerabi

CVE-2016-0949 CRITICAL
9.8 Feb 10

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. Rated

CVE-2022-38131 MEDIUM POC
6.1 Sep 06

RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnera

CVE-2020-5497 MEDIUM POC
6.1 Jan 04

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being inclu

CVE-2023-4662 CRITICAL
9.8 Sep 15

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. Rated criti

CVE-2023-4661 CRITICAL
9.8 Sep 15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Co

CVE-2021-40719 CRITICAL
9.8 Oct 21

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve a

CVE-2020-4747 CRITICAL
9.8 Dec 15

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated C

Share

CVE-2026-9208 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy