{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2350", "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "state": "PUBLISHED", "assignerShortName": "Tanium", "dateReserved": "2026-02-11T16:04:36.872Z", "datePublished": "2026-02-19T23:10:33.951Z", "dateUpdated": "2026-03-02T15:50:27.043Z"}, "containers": {"cna": {"affected": [{"product": "Interact", "vendor": "Tanium", "versions": [{"version": "3.2.0", "status": "affected", "lessThan": "3.2.196", "versionType": "custom"}, {"version": "3.5.0", "status": "affected", "lessThan": "3.5.102", "versionType": "custom"}], "cpes": ["cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*", "cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*"]}, {"product": "TDS", "vendor": "Tanium", "versions": [{"version": "4.1.0", "status": "affected", "lessThan": "4.1.257", "versionType": "custom"}], "cpes": ["cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*"]}], "dateAssigned": "2026-02-11T16:04:36.295Z", "datePublic": "2026-02-19T23:10:05.500Z", "descriptions": [{"lang": "en", "value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "shortName": "Tanium", "dateUpdated": "2026-02-19T23:14:23.480Z"}, "references": [{"name": "TAN-2026-008", "url": "https://security.tanium.com/TAN-2026-008"}], "title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T15:41:02.790036Z", "id": "CVE-2026-2350", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T15:50:27.043Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2350", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T15:41:02.790036Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T15:50:17.548Z"}}], "cna": {"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.", "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"cpes": ["cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*", "cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*"], "vendor": "Tanium", "product": "Interact", "versions": [{"status": "affected", "version": "3.2.0", "lessThan": "3.2.196", "versionType": "custom"}, {"status": "affected", "version": "3.5.0", "lessThan": "3.5.102", "versionType": "custom"}]}, {"cpes": ["cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*"], "vendor": "Tanium", "product": "TDS", "versions": [{"status": "affected", "version": "4.1.0", "lessThan": "4.1.257", "versionType": "custom"}]}], "datePublic": "2026-02-19T23:10:05.500Z", "references": [{"url": "https://security.tanium.com/TAN-2026-008", "name": "TAN-2026-008"}], "dateAssigned": "2026-02-11T16:04:36.295Z", "descriptions": [{"lang": "en", "value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "shortName": "Tanium", "dateUpdated": "2026-02-19T23:14:23.480Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2350", "state": "PUBLISHED", "dateUpdated": "2026-03-02T15:50:27.043Z", "dateReserved": "2026-02-11T16:04:36.872Z", "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "datePublished": "2026-02-19T23:10:33.951Z", "assignerShortName": "Tanium"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*", "matchCriteriaId": "46FC0070-9739-435D-849B-B807E0234E99", "versionEndExcluding": "3.2.196", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3728708-507B-4141-ABBD-9875D2127341", "versionEndExcluding": "3.5.102", "versionStartIncluding": "3.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."}, {"lang": "es", "value": "Tanium abord\u00f3 una vulnerabilidad de inserci\u00f3n de informaci\u00f3n sensible en archivo de registro en Interact y TDS."}], "id": "CVE-2026-2350", "lastModified": "2026-02-27T23:48:19.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "type": "Secondary"}]}, "published": "2026-02-20T00:16:17.780", "references": [{"source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "tags": ["Vendor Advisory"], "url": "https://security.tanium.com/TAN-2026-008"}], "sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.2.0,3.2.196)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.5.0,3.5.102)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Interact", "source": "cna", "vendor": "Tanium"}, "product": "interact", "vendor": "tanium"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.1.0,4.1.257)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "TDS", "source": "cna", "vendor": "Tanium"}, "product": "tds", "vendor": "tanium"}], "analysis": {"en": {"generated_at": "2026-04-16T16:45:23.095731+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011supplied patch or update for Tanium Interact and Tanium TDS that addresses log\u2011file sanitization.", "Restrict logging of sensitive information by configuring the applications to omit passwords, tokens, or other confidential data, or by disabling verbose logging in production environments.", "Audit existing log files for exposed secrets and rotate credentials, tokens, or keys that may have been inadvertently recorded.", "Enable monitoring for anomalous log entries that contain sensitive data and establish alerting to detect potential leaks."], "summary": {"action": "Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Tanium Interact and Tanium TDS. No specific version ranges are supplied, so all installations of these components should be reviewed and updated when a patch becomes available.", "description_and_impact": "The flaw allows the Interact and TDS components to record sensitive data such as credentials or tokens into log files without sanitization. This loss of confidentiality can expose privileged information to anyone who can read the logs, including administrators and compromised accounts. The weakness is catalogued as a log\u2011file management issue (CWE\u2011532) and does not provide direct code execution or denial\u2011of\u2011service capabilities, but the leakage of confidential data can compromise system integrity and privacy.", "risk_and_exploitability": "Rated with a CVSS score of 6.5, the vulnerability is moderately severe but unlikely to be actively exploited, as indicated by an EPSS score of less than 1% and its absence from the CISA KEV catalog. Exploitation would require the attacker to trigger the logging path and obtain access to the log files, meaning privileged or compromised accounts provide the simplest attack vectors. In environments where logs are exposed to wider audiences or stored in insecure locations, the risk is higher, whereas tight log access controls reduce the likelihood of a data leak."}}}}, "created": "2026-02-20T09:53:25.419129+00:00", "updated": "2026-04-16T16:45:25.962819+00:00", "vendors": ["tanium", "tanium$PRODUCT$interact", "tanium$PRODUCT$tds"]}