Fixed versions: 3.2.202, 3.5.108, 3.8.47
CVE-2026-6416 describes an uncontrolled resource consumption vulnerability discovered in Tanium Interact. This flaw can potentially lead to a denial-of-service (DoS) condition, impacting the availability of the Interact service. The vulnerability affects versions 3.2.0 through 3.8.47, and a fix is available in version 3.8.47.
The uncontrolled resource consumption vulnerability in Tanium Interact allows an attacker to potentially exhaust system resources, leading to a denial-of-service. An attacker could repeatedly trigger the resource-intensive operation, causing Interact to become unresponsive or crash. The impact is primarily focused on service disruption, potentially hindering operational visibility and control managed by Tanium. While the CVSS score is currently LOW, the potential for disruption warrants prompt remediation.
CVE-2026-6416 was publicly disclosed on 2026-04-22. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on CISA KEV as of this writing. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is currently considered low.
Organizations heavily reliant on Tanium Interact for real-time visibility and control are at increased risk. Environments with limited resources or those running older Interact versions are particularly vulnerable to DoS attacks.
EPSS: 0.05% (14th percentile)
The primary mitigation for CVE-2026-6416 is to upgrade Tanium Interact to version 3.8.47 or later. If an immediate upgrade is not feasible, consider implementing rate limiting or resource quotas on Interact to restrict the frequency of potentially exploitable operations. Monitor Interact's resource utilization (CPU, memory, disk I/O) for unusual spikes that could indicate an attack in progress. There are no specific WAF rules or detection signatures readily available, so proactive monitoring is crucial.
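Update Tanium Interact to 3.2.202 or later, 3.5.108 or later, or 3.8.47 or later to mitigate the uncontrolled resource consumption vulnerability. Refer to the Tanium documentation for detailed instructions on how to update.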
CVE-2026-6416 is a vulnerability in Tanium Interact that allows an attacker to exhaust system resources, potentially causing a denial-of-service. It affects versions 3.2.0–3.8.47.
You are affected if you are running Tanium Interact versions 3.2.0 through 3.8.47. Upgrade to 3.8.47 or later to mitigate the risk.
Upgrade Tanium Interact to version 3.8.47 or later. If immediate upgrade is not possible, implement resource quotas and monitor Interact's resource usage.
There are currently no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official Tanium security advisory for detailed information and guidance: [https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/](https://www.tanium.com/security/advisory/tanium-security-advisory-cve-2026-6416/)