Platform: other
Component: tanium-interact
Fixed in: 3.2.202, 3.5.108, 3.8.47
CVE-2026-6416 describes an uncontrolled resource consumption vulnerability discovered in Tanium Interact. This flaw can potentially lead to a denial-of-service (DoS) condition, impacting the availability of the Interact service. The vulnerability affects versions 3.2.0 through 3.8.47, and a fix is available in version 3.8.47.
The uncontrolled resource consumption vulnerability in Tanium Interact allows an attacker to potentially exhaust system resources, leading to a denial-of-service. An attacker could repeatedly trigger the resource-intensive operation, causing Interact to become unresponsive or crash. The impact is primarily focused on service disruption, potentially hindering operational visibility and control managed by Tanium. While the CVSS score is currently LOW, the potential for disruption warrants prompt remediation.
CVE-2026-6416 was publicly disclosed on 2026-04-22. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on CISA KEV as of this writing. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is currently considered low.
Organizations heavily reliant on Tanium Interact for real-time visibility and control are at increased risk. Environments with limited resources or those running older Interact versions are particularly vulnerable to DoS attacks.
disclosure
Exploit status
EPSS: 0.05% (percentile 14%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-6416 is to upgrade Tanium Interact to version 3.8.47 or later. If an immediate upgrade is not feasible, consider implementing rate limiting or resource quotas on Interact to restrict the frequency of potentially exploitable operations. Monitor Interact's resource utilization (CPU, memory, disk I/O) for unusual spikes that could indicate an attack in progress. There are no specific WAF rules or detection signatures readily available, so proactive monitoring is crucial.
Upgrade Tanium Interact to version 3.2.202 or later, 3.5.108 or later, or 3.8.47 or later to mitigate the excessive resource consumption vulnerability. Consult the Tanium documentation for detailed instructions on how to perform the upgrade.
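To turn the fixed-version list above into an upgrade plan, the following added example (not code from Tanium or from this page) triages an inventory of Interact versions. It assumes each fixed release covers its own major.minor branch, treats 3.8.47 as fixed per the "Fixed in" list, and uses constructed hostnames and versions.

```python
# Added example: triage Tanium Interact versions against the fixed releases
# listed on this page. The inventory below is constructed sample data.
FIXED = [(3, 2, 202), (3, 5, 108), (3, 8, 47)]  # "Fixed in" values from this page
FIRST_AFFECTED = (3, 2, 0)                      # lower bound stated on this page


def parse(version):
    """Turn '3.5.108' into (3, 5, 108); raise ValueError on anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in parts)


def required_upgrade(version):
    """Return None if no upgrade is needed, else the fixed release to move to.

    Assumption: a build is fixed once it reaches the fixed release of its own
    major.minor branch; a branch with no listed fix moves to the next one up.
    """
    v = parse(version)
    if v < FIRST_AFFECTED or v >= FIXED[-1]:
        return None                      # outside the affected range
    for fix in FIXED:
        if v[:2] == fix[:2]:             # same branch as a fixed release
            return None if v >= fix else ".".join(map(str, fix))
    nxt = next(fix for fix in FIXED if fix > v)
    return ".".join(map(str, nxt))


def triage(inventory):
    """Map each host to 'ok', 'upgrade to X', or 'check manually'."""
    report = {}
    for host, version in inventory.items():
        try:
            target = required_upgrade(version)
        except ValueError:               # blank or malformed inventory field
            report[host] = "check manually"
            continue
        report[host] = "ok" if target is None else f"upgrade to {target}"
    return report


SAMPLE = {"ts-01": "3.2.150", "ts-02": "3.5.108", "ts-03": "3.6.4",
          "ts-04": "3.8.46", "ts-05": "unknown"}  # constructed inventory

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```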
CVE-2026-6416 is a vulnerability in Tanium Interact that allows an attacker to exhaust system resources, potentially causing a denial-of-service. It affects versions 3.2.0–3.8.47.
You are affected if you are running Tanium Interact versions 3.2.0 through 3.8.47. Upgrade to 3.8.47 or later to mitigate the risk.
Upgrade Tanium Interact to version 3.8.47 or later. If immediate upgrade is not possible, implement resource quotas and monitor Interact's resource usage.
There are currently no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official Tanium security advisory for detailed information and guidance: [https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/](https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/)