Platform
other
Component
tanium-interact
Fixed in
3.2.202
3.5.108
3.8.47
CVE-2026-6416 describes an uncontrolled resource consumption vulnerability discovered in Tanium Interact. This flaw can potentially lead to a denial-of-service (DoS) condition, impacting the availability of the Interact service. The vulnerability affects versions 3.2.0 through 3.8.47, and a fix is available in version 3.8.47.
The uncontrolled resource consumption vulnerability in Tanium Interact allows an attacker to potentially exhaust system resources, leading to a denial-of-service. An attacker could repeatedly trigger the resource-intensive operation, causing Interact to become unresponsive or crash. The impact is primarily focused on service disruption, potentially hindering operational visibility and control managed by Tanium. While the CVSS score is currently LOW, the potential for disruption warrants prompt remediation.
CVE-2026-6416 was publicly disclosed on 2026-04-22. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on CISA KEV as of this writing. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is currently considered low.
Organizations heavily reliant on Tanium Interact for real-time visibility and control are at increased risk. Environments with limited resources or those running older Interact versions are particularly vulnerable to DoS attacks.
disclosure
Exploit Status
EPSS
0.05% (14th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-6416 is to upgrade Tanium Interact to version 3.8.47 or later. If an immediate upgrade is not feasible, consider implementing rate limiting or resource quotas on Interact to restrict the frequency of potentially exploitable operations. Monitor Interact's resource utilization (CPU, memory, disk I/O) for unusual spikes that could indicate an attack in progress. There are no specific WAF rules or detection signatures readily available, so proactive monitoring is crucial.
Upgrade Tanium Interact to version 3.2.202 or later, 3.5.108 or later, or 3.8.47 or later to mitigate the excessive resource consumption vulnerability. Consult the Tanium documentation for detailed upgrade instructions.
CVE-2026-6416 is a vulnerability in Tanium Interact that allows an attacker to exhaust system resources, potentially causing a denial-of-service. It affects versions 3.2.0–3.8.47.
You are affected if you are running Tanium Interact versions 3.2.0 through 3.8.47. Upgrade to 3.8.47 or later to mitigate the risk.
Upgrade Tanium Interact to version 3.8.47 or later. If an immediate upgrade is not possible, implement resource quotas and monitor Interact's resource usage.
There are currently no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official Tanium security advisory for detailed information and guidance: [https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/](https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/)