Platform: other
Component: tanium-interact
Fixed in: 3.2.202, 3.5.108, 3.8.47
CVE-2026-6416 describes an uncontrolled resource consumption vulnerability discovered in Tanium Interact. This flaw can potentially lead to a denial-of-service (DoS) condition, impacting the availability of the Interact service. The vulnerability affects versions 3.2.0 through 3.8.47, and a fix is available in version 3.8.47.
The uncontrolled resource consumption vulnerability in Tanium Interact allows an attacker to potentially exhaust system resources, leading to a denial-of-service. An attacker could repeatedly trigger the resource-intensive operation, causing Interact to become unresponsive or crash. The impact is primarily focused on service disruption, potentially hindering operational visibility and control managed by Tanium. While the CVSS score is currently LOW, the potential for disruption warrants prompt remediation.
CVE-2026-6416 was publicly disclosed on 2026-04-22. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on CISA KEV as of this writing. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is currently considered low.
Exploit Status
EPSS: 0.05% (14th percentile)
The primary mitigation for CVE-2026-6416 is to upgrade Tanium Interact to version 3.8.47 or later. If an immediate upgrade is not feasible, consider implementing rate limiting or resource quotas on Interact to restrict the frequency of potentially exploitable operations. Monitor Interact's resource utilization (CPU, memory, disk I/O) for unusual spikes that could indicate an attack in progress. There are no specific WAF rules or detection signatures readily available, so proactive monitoring is crucial.
Update Tanium Interact to version 3.2.202 or later, 3.5.108 or later, or 3.8.47 or later to mitigate the excessive resource consumption vulnerability. Refer to Tanium documentation for detailed instructions on how to update.
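A version triage against the "Fixed in" list above, as an added example (not Tanium's code and not part of the original page). It assumes versions are reported as `major.minor.build` strings and that a build at or above the listed fix in the same branch is fixed; the host names and sample versions are constructed.

```python
import re

# From the page: "Fixed in" list, one fixed build per release branch.
FIXED = {(3, 2): 202, (3, 5): 108, (3, 8): 47}
# From the page: the affected range starts at 3.2.0; 3.8 is the last listed branch.
FIRST_AFFECTED = (3, 2, 0)
LAST_BRANCH = (3, 8)


def parse_version(text):
    """Parse 'major.minor.build'; extra trailing components are ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(text):
    """Return 'fixed', 'vulnerable', 'vulnerable-no-branch-fix' or 'out-of-range'."""
    version = parse_version(text)
    branch, build = version[:2], version[2]
    if version < FIRST_AFFECTED or branch > LAST_BRANCH:
        return "out-of-range"  # the page makes no statement about these versions
    if branch in FIXED:
        # Assumption: the listed build and later builds of the same branch are fixed.
        return "fixed" if build >= FIXED[branch] else "vulnerable"
    # Inside the stated affected range, but no fix is listed for this branch.
    return "vulnerable-no-branch-fix"


def triage_inventory(inventory):
    """Map host -> status; unparseable versions are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = triage(version)
        except ValueError:
            report[host] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {"ts-a": "3.2.150", "ts-b": "3.5.108", "ts-c": "3.6.12",
              "ts-d": "3.8.47", "ts-e": "v3.8", "ts-f": "3.1.9"}
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable-no-branch-fix` need a move to one of the three fixed branches, since the page lists no fixed build for their own branch.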
CVE-2026-6416 is a vulnerability in Tanium Interact that allows an attacker to exhaust system resources, potentially causing a denial-of-service. It affects versions 3.2.0–3.8.47.
You are affected if you are running Tanium Interact versions 3.2.0 through 3.8.47. Upgrade to 3.8.47 or later to mitigate the risk.
Upgrade Tanium Interact to version 3.8.47 or later. If immediate upgrade is not possible, implement resource quotas and monitor Interact's resource usage.
There are currently no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official Tanium security advisory for detailed information and guidance: [https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/](https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/)