{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6408", "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "state": "PUBLISHED", "assignerShortName": "Tanium", "dateReserved": "2026-04-15T21:51:17.871Z", "datePublished": "2026-04-22T01:46:40.653Z", "dateUpdated": "2026-04-22T12:49:39.769Z"}, "containers": {"cna": {"affected": [{"product": "Tanium Server", "vendor": "Tanium", "versions": [{"version": "7.6.4.0", "status": "affected", "lessThan": "7.6.4.2185", "versionType": "custom"}, {"version": "7.7.3.0", "status": "affected", "lessThan": "7.7.3.8266", "versionType": "custom"}, {"version": "7.8.2.0", "status": "affected", "lessThan": "7.8.2.1168", "versionType": "custom"}]}], "dateAssigned": "2026-04-15T21:51:17.273Z", "datePublic": "2026-04-22T01:46:17.259Z", "descriptions": [{"lang": "en", "value": "Tanium addressed an information disclosure vulnerability in Tanium Server."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "shortName": "Tanium", "dateUpdated": "2026-04-22T01:46:40.653Z"}, "references": [{"name": "TAN-2026-012", "url": "https://security.tanium.com/TAN-2026-012"}], "title": "Tanium addressed an information disclosure vulnerability in Tanium Server."}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T12:48:18.544819Z", "id": "CVE-2026-6408", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:49:39.769Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T12:48:18.544819Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:49:26.375Z"}}], "cna": {"title": "Tanium addressed an information disclosure vulnerability in Tanium Server.", "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "Tanium", "product": "Tanium Server", "versions": [{"status": "affected", "version": "7.6.4.0", "lessThan": "7.6.4.2185", "versionType": "custom"}, {"status": "affected", "version": "7.7.3.0", "lessThan": "7.7.3.8266", "versionType": "custom"}, {"status": "affected", "version": "7.8.2.0", "lessThan": "7.8.2.1168", "versionType": "custom"}]}], "datePublic": "2026-04-22T01:46:17.259Z", "references": [{"url": "https://security.tanium.com/TAN-2026-012", "name": "TAN-2026-012"}], "dateAssigned": "2026-04-15T21:51:17.273Z", "descriptions": [{"lang": "en", "value": "Tanium addressed an information disclosure vulnerability in Tanium Server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "shortName": "Tanium", "dateUpdated": "2026-04-22T01:46:40.653Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6408", "state": "PUBLISHED", "dateUpdated": "2026-04-22T12:49:39.769Z", "dateReserved": "2026-04-15T21:51:17.871Z", "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "datePublished": "2026-04-22T01:46:40.653Z", "assignerShortName": "Tanium"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*", "matchCriteriaId": "651D8313-17B7-4BC0-B6F8-F3387D696EE7", "versionEndExcluding": "7.6.4.2185", "versionStartIncluding": "7.6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4FFBD03-2962-408B-A6F5-ABD5BDA05D04", "versionEndExcluding": "7.7.3.8266", "versionStartIncluding": "7.7.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*", "matchCriteriaId": "679DA8A7-E1C4-4403-98E1-3AD4681D33A6", "versionEndExcluding": "7.8.2.1168", "versionStartIncluding": "7.8.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tanium addressed an information disclosure vulnerability in Tanium Server."}], "id": "CVE-2026-6408", "lastModified": "2026-05-05T19:43:07.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "type": "Secondary"}]}, "published": "2026-04-22T03:16:01.540", "references": [{"source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "tags": ["Vendor Advisory"], "url": "https://security.tanium.com/TAN-2026-012"}], "sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7.6.4.0,7.6.4.2185)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7.7.3.0,7.7.3.8266)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7.8.2.0,7.8.2.1168)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Tanium Server", "source": "cna", "vendor": "Tanium"}, "product": "tanium_server", "vendor": "tanium"}], "analysis": {"en": {"generated_at": "2026-04-22T04:21:25.663307+00:00", "value": {"mitigation_remediation": ["Apply the latest Tanium Server patch or upgrade to the latest version", "Restrict network access to Tanium Server endpoints and enforce least privilege for users", "Monitor system logs for unusual attempts to access or retrieve configuration data"], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is Tanium Server. No specific version information is provided, so all deployments of Tanium Server may be impacted until an official fix is applied.", "description_and_impact": "This vulnerability allows the disclosure of sensitive information from Tanium Server. The weakness is classified as CWE\u2011522, indicating that privileged information may be exposed to unauthorized parties.", "risk_and_exploitability": "The CVSS score for this issue is 2.7, indicating low severity. No EPSS score is available, so the exploitation probability is unknown. The vulnerability is not listed in CISA KEV, suggesting it is not currently being actively exploited. The likely attack vector is not explicitly documented, but based on the nature of an information disclosure, an attacker would need a level of access that allows them to query the Tanium Server or read its configuration data. Given the low severity and lack of known exploits, the risk to confidentiality is limited, but remediation is still advised to prevent potential data exposure."}}}}, "created": "2026-04-22T04:30:05.297827+00:00", "updated": "2026-04-22T11:44:50.684299+00:00", "vendors": ["tanium", "tanium$PRODUCT$tanium_server"]}