Platform: linux
Component: tanium-server
Fixed in: 7.6.5, 7.7.4, 7.8.3
CVE-2026-6408 represents an information disclosure vulnerability identified within Tanium Server. This vulnerability could allow unauthorized access to sensitive data stored or processed by the server. The vulnerability affects Tanium Server versions 7.6.4 through 7.8.2.1168. A patch addressing this issue has been released in version 7.8.2.1168.
Successful exploitation of CVE-2026-6408 could allow an attacker to gain unauthorized access to sensitive information managed by the Tanium Server. The specific data exposed depends on the server's configuration and the data it handles, potentially including credentials, configuration details, or operational data. While the CVSS score is LOW, the potential impact on confidentiality could be significant, particularly if the exposed data is highly sensitive or used for critical operations. This vulnerability does not appear to lead to direct remote code execution, but the information gained could be leveraged in subsequent attacks.
CVE-2026-6408 was publicly disclosed on 2026-04-22. There is currently no public proof-of-concept (POC) code available. The EPSS score is not yet available, but given the LOW CVSS score and lack of public exploits, the probability of active exploitation is currently considered low. This vulnerability is tracked by the NVD.
Organizations heavily reliant on Tanium Server for endpoint management and security visibility are at increased risk. Environments with misconfigured Tanium Servers or those lacking robust access controls are particularly vulnerable. Any deployment within the affected version range (7.6.4–7.8.2.1168) is potentially at risk.
• linux / server:
  journalctl -u tanium-server | grep -i "sensitive data"
• generic web:
  curl -I https://<tanium_server_ip>/sensitive_endpoint
• linux / server:
  ps aux | grep tanium-server
Exploit Status
EPSS
0.03% (percentile 9%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-6408 is to upgrade Tanium Server to version 7.8.2.1168 or later. Before upgrading, review Tanium's release notes for any potential compatibility issues or breaking changes. Consider performing a test upgrade in a non-production environment first. There are no specific WAF or proxy rules that can directly mitigate this information disclosure vulnerability; the upgrade is essential. Monitor Tanium Server logs for any unusual activity or unauthorized access attempts following the upgrade.
Update Tanium Server to version 7.6.4.2185 or later, 7.7.3.8266 or later, or 7.8.2.1168 or later to mitigate the information disclosure vulnerability. Consult the official Tanium documentation for detailed instructions on how to perform the update.
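As an added example (not Tanium's or this page's own code), the script below triages an inventory of Tanium Server build strings against the per-branch fixed builds given above. It assumes a `major.minor.patch.build` version string and treats 7.8.2.1168 itself as fixed; the hostnames and builds in the sample are constructed.

```python
import re

# Minimum fixed build per release branch, from the remediation text above.
FIXED_BUILDS = {
    (7, 6): (7, 6, 4, 2185),
    (7, 7): (7, 7, 3, 8266),
    (7, 8): (7, 8, 2, 1168),
}
AFFECTED_FROM = (7, 6, 4)  # lower bound of the affected range stated on the page


def parse_build(text):
    """Parse 'major.minor.patch[.build]' into a 4-tuple of ints, or None."""
    if not re.fullmatch(r"\d+(\.\d+){2,3}", text.strip(), flags=re.ASCII):
        return None
    nums = tuple(int(p) for p in text.strip().split("."))
    # Assumption: a missing build number is treated as 0, the conservative choice.
    return nums + (0,) * (4 - len(nums))


def classify(text):
    """Return 'fixed', 'affected', 'out-of-scope' or 'unparsed'."""
    build = parse_build(text)
    if build is None:
        return "unparsed"
    fixed = FIXED_BUILDS.get(build[:2])
    if fixed is None or build[:3] < AFFECTED_FROM:
        return "out-of-scope"  # the page says nothing about this branch/build
    return "fixed" if build >= fixed else "affected"


def triage(inventory):
    """Group {host: build string} into {status: sorted hosts}."""
    groups = {}
    for host, build in inventory.items():
        groups.setdefault(classify(build), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE = {
    "ts-01": "7.6.4.2100", "ts-02": "7.6.4.2185", "ts-03": "7.7.1.100",
    "ts-04": "7.8.2.1168", "ts-05": "7.8.2", "ts-06": "7.5.6.1000",
    "ts-07": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unparsed` or `out-of-scope` need a manual check against the vendor advisory rather than being assumed safe.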
CVE-2026-6408 is a vulnerability in Tanium Server that allows unauthorized access to sensitive information. It affects versions 7.6.4–7.8.2.1168 and has a CVSS score of 2.7 (LOW).
You are affected if you are running Tanium Server versions 7.6.4 through 7.8.2.1168. Check your current version and upgrade if necessary.
Upgrade Tanium Server to version 7.8.2.1168 or later. Review the release notes for compatibility considerations before upgrading.
Currently, there are no public exploits or confirmed active exploitation campaigns for CVE-2026-6408.
Refer to the official Tanium security advisory for detailed information and instructions: [https://www.tanium.com/security/advisory/tanium-sa-0001/](https://www.tanium.com/security/advisory/tanium-sa-0001/)