Platform
linux
Component
tanium-threat-response
Fixed in
4.6.577
4.9.379
CVE-2026-6392 describes an information disclosure vulnerability identified in Tanium Threat Response. This vulnerability could allow an attacker to potentially expose sensitive information. It impacts versions 4.6.0 through 4.9.379. A fix is available in version 4.9.379.
The information disclosure vulnerability in Tanium Threat Response allows an attacker to potentially access data that they are not authorized to view. The specific nature of the exposed data is not detailed, but it could include sensitive operational or security information. Successful exploitation could lead to a compromise of confidentiality and potentially aid in further attacks or investigations. While the CVSS score is LOW, the potential impact of unauthorized data access should not be underestimated, particularly in environments where Threat Response is used for critical security monitoring and incident response.
CVE-2026-6392 was publicly disclosed on April 22, 2026. There is no indication of active exploitation or KEV listing at this time. No public proof-of-concept (POC) code has been released. The vulnerability's LOW CVSS score suggests a relatively low probability of exploitation, but organizations should still prioritize patching.
Exploit Status
EPSS
0.03% (10% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-6392 is to upgrade Tanium Threat Response to version 4.9.379 or later. If upgrading immediately is not feasible, consider reviewing Tanium's documentation for any temporary workarounds or configuration changes that might reduce the risk. There are no specific WAF or proxy rules mentioned in the advisory, so focus on patching. After upgrading, confirm the fix by verifying that the information disclosure path is no longer accessible and that Threat Response is functioning as expected.
Update Tanium Threat Response to version 4.6.577 or later, or to version 4.9.379 or later to mitigate the information disclosure vulnerability. See the official Tanium documentation for detailed instructions on how to update.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-6392 is a vulnerability in Tanium Threat Response that could allow unauthorized access to sensitive information. It affects versions 4.6.0–4.9.379 and has a CVSS score of 2.7 (LOW).
You are affected if you are using Tanium Threat Response versions 4.6.0 through 4.9.379. Upgrade to version 4.9.379 or later to address the vulnerability.
Upgrade Tanium Threat Response to version 4.9.379 or later. Consult Tanium's documentation for specific upgrade instructions.
There is currently no indication of active exploitation of CVE-2026-6392.
Refer to the official Tanium security advisory for detailed information and updates regarding CVE-2026-6392. Check the Tanium support portal for the latest advisory.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.