Platform
linux
Component
tanium-threat-response
Fixed versions
4.6.577
4.9.379
CVE-2026-6392 is an information disclosure vulnerability in Tanium Threat Response. It could allow an attacker to expose sensitive information. It impacts versions 4.6.0 through 4.9.379. A fix is available in version 4.9.379.
The information disclosure vulnerability in Tanium Threat Response allows an attacker to potentially access data that they are not authorized to view. The specific nature of the exposed data is not detailed, but it could include sensitive operational or security information. Successful exploitation could lead to a compromise of confidentiality and potentially aid in further attacks or investigations. While the CVSS score is LOW, the potential impact of unauthorized data access should not be underestimated, particularly in environments where Threat Response is used for critical security monitoring and incident response.
CVE-2026-6392 was publicly disclosed on April 22, 2026. There is no indication of active exploitation or KEV listing at this time. No public proof-of-concept (PoC) code has been released. The vulnerability's LOW CVSS score suggests a relatively low probability of exploitation, but organizations should still prioritize patching.
Organizations heavily reliant on Tanium Threat Response for security monitoring and incident response are particularly at risk. Environments with older versions of Threat Response (4.6.0–4.9.379) are directly affected and should prioritize patching to prevent potential data exposure.
• linux / server:
journalctl -u tanium-threat-response | grep -i "information disclosure"
• generic web:
curl -I <threat_response_endpoint> | grep -i "information disclosure"
Exploitation status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-6392 is to upgrade Tanium Threat Response to version 4.9.379 or later. If upgrading immediately is not feasible, consider reviewing Tanium's documentation for any temporary workarounds or configuration changes that might reduce the risk. There are no specific WAF or proxy rules mentioned in the advisory, so focus on patching. After upgrading, confirm the fix by verifying that the information disclosure path is no longer accessible and that Threat Response is functioning as expected.
Updating Tanium Threat Response to version 4.6.577 or later, or to version 4.9.379 or later, mitigates the information disclosure vulnerability. For detailed update instructions, refer to Tanium's official documentation.
CVE-2026-6392 is a vulnerability in Tanium Threat Response that could allow unauthorized access to sensitive information. It affects versions 4.6.0–4.9.379 and has a CVSS score of 2.7 (LOW).
You are affected if you are using Tanium Threat Response versions 4.6.0 through 4.9.379. Upgrade to version 4.9.379 or later to address the vulnerability.
Upgrade Tanium Threat Response to version 4.9.379 or later. Consult Tanium's documentation for specific upgrade instructions.
There is currently no indication of active exploitation of CVE-2026-6392.
Refer to the official Tanium security advisory for detailed information and updates regarding CVE-2026-6392. Check the Tanium support portal for the latest advisory.