Platform
linux
Component
tanium-threat-response
Fixed in
4.6.577
4.9.379
CVE-2026-6392 is an information disclosure vulnerability in Tanium Threat Response that could allow an attacker to expose sensitive information. It impacts versions 4.6.0 through 4.9.379. A fix is available in version 4.9.379.
The information disclosure vulnerability in Tanium Threat Response allows an attacker to potentially access data that they are not authorized to view. The specific nature of the exposed data is not detailed, but it could include sensitive operational or security information. Successful exploitation could lead to a compromise of confidentiality and potentially aid in further attacks or investigations. While the CVSS score is LOW, the potential impact of unauthorized data access should not be underestimated, particularly in environments where Threat Response is used for critical security monitoring and incident response.
CVE-2026-6392 was publicly disclosed on April 22, 2026. There is no indication of active exploitation or KEV listing at this time. No public proof-of-concept (PoC) code has been released. The vulnerability's LOW CVSS score suggests a relatively low probability of exploitation, but organizations should still prioritize patching.
Organizations heavily reliant on Tanium Threat Response for security monitoring and incident response are particularly at risk. Environments with older versions of Threat Response (4.6.0–4.9.379) are directly affected and should prioritize patching to prevent potential data exposure.
• linux / server:
journalctl -u tanium-threat-response | grep -i "information disclosure"
• generic web:
curl -I <threat_response_endpoint> | grep -i "information disclosure"
Exploit status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-6392 is to upgrade Tanium Threat Response to version 4.9.379 or later. If upgrading immediately is not feasible, consider reviewing Tanium's documentation for any temporary workarounds or configuration changes that might reduce the risk. There are no specific WAF or proxy rules mentioned in the advisory, so focus on patching. After upgrading, confirm the fix by verifying that the information disclosure path is no longer accessible and that Threat Response is functioning as expected.
Upgrade Tanium Threat Response to version 4.6.577 or later, or to version 4.9.379 or later, to mitigate the information disclosure vulnerability. See the official Tanium documentation for detailed upgrade instructions.
CVE-2026-6392 is a vulnerability in Tanium Threat Response that could allow unauthorized access to sensitive information. It affects versions 4.6.0–4.9.379 and has a CVSS score of 2.7 (LOW).
You are affected if you are using Tanium Threat Response versions 4.6.0 through 4.9.379. Upgrade to version 4.9.379 or later to address the vulnerability.
Upgrade Tanium Threat Response to version 4.9.379 or later. Consult Tanium's documentation for specific upgrade instructions.
There is currently no indication of active exploitation of CVE-2026-6392.
Refer to the official Tanium security advisory for detailed information and updates regarding CVE-2026-6392. Check the Tanium support portal for the latest advisory.