4.6.577
4.9.379
CVE-2026-6392 describes an information disclosure vulnerability identified in Tanium Threat Response. This vulnerability could allow an attacker to expose sensitive information. It impacts versions 4.6.0 through 4.9.379. A fix is available in version 4.9.379.
The information disclosure vulnerability in Tanium Threat Response allows an attacker to potentially access data that they are not authorized to view. The specific nature of the exposed data is not detailed, but it could include sensitive operational or security information. Successful exploitation could lead to a compromise of confidentiality and potentially aid in further attacks or investigations. While the CVSS score is LOW, the potential impact of unauthorized data access should not be underestimated, particularly in environments where Threat Response is used for critical security monitoring and incident response.
CVE-2026-6392 was publicly disclosed on April 22, 2026. There is no indication of active exploitation or KEV listing at this time. No public proof-of-concept (PoC) code has been released. The vulnerability's LOW CVSS score suggests a relatively low probability of exploitation, but organizations should still prioritize patching.
Organizations heavily reliant on Tanium Threat Response for security monitoring and incident response are particularly at risk. Environments with older versions of Threat Response (4.6.0–4.9.379) are directly affected and should prioritize patching to prevent potential data exposure.
• linux / server:
journalctl -u tanium-threat-response | grep -i "information disclosure"
• generic web:
curl -I <threat_response_endpoint> | grep -i "information disclosure"
Exploitation status
EPSS: 0.03% (10th percentile)
The primary mitigation for CVE-2026-6392 is to upgrade Tanium Threat Response to version 4.9.379 or later. If upgrading immediately is not feasible, consider reviewing Tanium's documentation for any temporary workarounds or configuration changes that might reduce the risk. There are no specific WAF or proxy rules mentioned in the advisory, so focus on patching. After upgrading, confirm the fix by verifying that the information disclosure path is no longer accessible and that Threat Response is functioning as expected.
Upgrade Tanium Threat Response to version 4.6.577 or later, or to version 4.9.379 or later, to mitigate the information disclosure vulnerability. Consult the official Tanium documentation for detailed upgrade instructions.
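To check an inventory against the fixed builds named above, the following added example (not Tanium's or this page's own code) classifies Threat Response version strings. It assumes a constructed `host,version` inventory format and treats in-range release trains with no fixed build named on this page (4.7.x, 4.8.x) as affected.

```python
import re

# Version facts taken from this page.
FIRST_AFFECTED = (4, 6, 0)
FIXED_BY_TRAIN = {(4, 6): (4, 6, 577), (4, 9): (4, 9, 379)}
LATEST_FIXED = max(FIXED_BY_TRAIN.values())

def parse_version(text):
    """Return (major, minor, build); extra trailing components are ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version_text):
    """Classify one version as fixed / affected / outside-range / unknown."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"          # needs manual review, never assume fixed
    if version < FIRST_AFFECTED:
        return "outside-range"    # older than the range the page states
    if version >= LATEST_FIXED:
        return "fixed"
    train_fix = FIXED_BY_TRAIN.get(version[:2])
    if train_fix is not None and version >= train_fix:
        return "fixed"            # e.g. a patched 4.6.x build
    return "affected"             # assumption: no fixed build named for train

def triage(inventory_csv):
    """Map each host in 'host,version' lines to its classification."""
    results = {}
    for line in inventory_csv.splitlines():
        if line.strip():
            host, _, version = line.partition(",")
            results[host.strip()] = classify(version)
    return results

# Constructed sample inventory (hostnames are made up for illustration).
SAMPLE_INVENTORY = """\
tr-a.example,4.6.576
tr-b.example,4.6.577
tr-c.example,4.8.100
tr-d.example,4.9.379
tr-e.example,not-installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` or `outside-range` need a manual check against the Tanium advisory, since this page does not cover them.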
CVE-2026-6392 is a vulnerability in Tanium Threat Response that could allow unauthorized access to sensitive information. It affects versions 4.6.0–4.9.379 and has a CVSS score of 2.7 (LOW).
You are affected if you are using Tanium Threat Response versions 4.6.0 through 4.9.379. Upgrade to version 4.9.379 or later to address the vulnerability.
Upgrade Tanium Threat Response to version 4.9.379 or later. Consult Tanium's documentation for specific upgrade instructions.
There is currently no indication of active exploitation of CVE-2026-6392.
Refer to the official Tanium security advisory for detailed information and updates regarding CVE-2026-6392. Check the Tanium support portal for the latest advisory.