Platform: other
Component: tanium-interact
Fixed in: 3.2.202, 3.5.108, 3.8.47
CVE-2026-6416 describes an uncontrolled resource consumption vulnerability discovered in Tanium Interact. This flaw can potentially lead to a denial-of-service (DoS) condition, impacting the availability of the Interact service. The vulnerability affects versions 3.2.0 through 3.8.47, and a fix is available in version 3.8.47.
The uncontrolled resource consumption vulnerability in Tanium Interact allows an attacker to potentially exhaust system resources, leading to a denial-of-service. An attacker could repeatedly trigger the resource-intensive operation, causing Interact to become unresponsive or crash. The impact is primarily service disruption, which can hinder the operational visibility and control managed by Tanium. While the CVSS score is currently LOW, the potential for disruption warrants prompt remediation.
CVE-2026-6416 was publicly disclosed on 2026-04-22. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on CISA KEV as of this writing. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is currently considered low.
Organizations heavily reliant on Tanium Interact for real-time visibility and control are at increased risk. Environments with limited resources or those running older Interact versions are particularly vulnerable to DoS attacks.
EPSS: 0.05% (14th percentile)
The primary mitigation for CVE-2026-6416 is to upgrade Tanium Interact to version 3.8.47 or later. If an immediate upgrade is not feasible, consider implementing rate limiting or resource quotas on Interact to restrict the frequency of potentially exploitable operations. Monitor Interact's resource utilization (CPU, memory, disk I/O) for unusual spikes that could indicate an attack in progress. There are no specific WAF rules or detection signatures readily available, so proactive monitoring is crucial.
Update Tanium Interact to version 3.2.202 or later, 3.5.108 or later, or 3.8.47 or later to fix the excessive resource consumption vulnerability. For detailed upgrade instructions, refer to the Tanium documentation.
CVE-2026-6416 is a vulnerability in Tanium Interact that allows an attacker to exhaust system resources, potentially causing a denial-of-service. It affects versions 3.2.0–3.8.47.
You are affected if you are running Tanium Interact versions 3.2.0 through 3.8.47. Upgrade to 3.8.47 or later to mitigate the risk.
Upgrade Tanium Interact to version 3.8.47 or later. If immediate upgrade is not possible, implement resource quotas and monitor Interact's resource usage.
There are currently no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official Tanium security advisory for detailed information and guidance: [https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/](https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/)