Skip to main content

Tanium Interact EUVDEUVD-2026-24597

| CVE-2026-6416 LOW
Uncontrolled Resource Consumption (CWE-400)
2026-04-22 Tanium GHSA-7fxx-2q9x-8wqf
2.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

6
Patch released
Apr 22, 2026 - 21:23 nvd
Patch available
Patch available
Apr 22, 2026 - 05:01 EUVD
Analysis Generated
Apr 22, 2026 - 03:23 vuln.today
EUVD ID Assigned
Apr 22, 2026 - 03:00 euvd
EUVD-2026-24597
Analysis Generated
Apr 22, 2026 - 03:00 vuln.today
CVE Published
Apr 22, 2026 - 01:46 nvd
LOW 2.7

DescriptionCVE.org

Tanium addressed an uncontrolled resource consumption vulnerability in Interact.

AnalysisAI

Uncontrolled resource consumption in Tanium Interact allows authenticated high-privilege administrators to trigger a denial of service condition through network-accessible endpoints. The vulnerability requires high-level administrative privileges (PR:H) and produces only availability impact with no confidentiality or integrity compromise. CVSS base score of 2.7 reflects the severe privilege barrier and limited impact scope.

Technical ContextAI

Tanium Interact is a platform for endpoint management and orchestration. The vulnerability involves CWE-400 (uncontrolled resource consumption), a weakness where the application fails to properly limit resource allocation in response to requests. This typically manifests as insufficient input validation or rate limiting on resource-intensive operations accessible through network interfaces. The affected product uses CPE cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*, indicating the vulnerability affects multiple versions of the Interact product line. Network-accessible endpoints (AV:N) combined with resource consumption flaws suggest the vulnerability may involve API endpoints, daemon services, or management interfaces exposed to network traffic.

RemediationAI

Consult Tanium security advisory TAN-2026-010 at https://security.tanium.com/TAN-2026-010 for the specific patched version applicable to your deployment. Apply the vendor-released patch to all affected Tanium Interact instances once released versions are identified. Interim mitigation strategies include restricting network access to Interact management interfaces to trusted administrative networks only (network segmentation), implementing rate limiting on resource-intensive API endpoints if configurable within Interact administration panels, and monitoring resource consumption metrics (CPU, memory, disk) for anomalous spikes that could indicate exploitation attempts. These compensating controls preserve functionality while reducing the attack surface but do not address the underlying resource consumption flaw; patching remains the primary remediation path.

Share

EUVD-2026-24597 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy