{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6416", "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "state": "PUBLISHED", "assignerShortName": "Tanium", "dateReserved": "2026-04-15T23:55:39.808Z", "datePublished": "2026-04-22T01:46:19.376Z", "dateUpdated": "2026-04-22T12:57:59.571Z"}, "containers": {"cna": {"affected": [{"product": "Interact", "vendor": "Tanium", "versions": [{"version": "3.2.0", "status": "affected", "lessThan": "3.2.202", "versionType": "custom"}, {"version": "3.5.0", "status": "affected", "lessThan": "3.5.108", "versionType": "custom"}, {"version": "3.8.0", "status": "affected", "lessThan": "3.8.47", "versionType": "custom"}], "cpes": ["cpe:2.3:a:tanium:service_interact:3.2.196:*:*:*:*:*:*:*", "cpe:2.3:a:tanium:service_interact:3.5.102:*:*:*:*:*:*:*", "cpe:2.3:a:tanium:service_interact:3.8.46:*:*:*:*:*:*:*"]}], "credits": [{"lang": "en", "type": "reporter", "value": "Eric Bester"}], "dateAssigned": "2026-04-15T23:55:39.195Z", "datePublic": "2026-04-22T01:46:08.322Z", "descriptions": [{"lang": "en", "value": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "shortName": "Tanium", "dateUpdated": "2026-04-22T01:46:19.376Z"}, "references": [{"name": "TAN-2026-010", "url": "https://security.tanium.com/TAN-2026-010"}], "title": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T12:57:48.199961Z", "id": "CVE-2026-6416", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:57:59.571Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6416", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T12:57:48.199961Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:57:53.593Z"}}], "cna": {"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact.", "credits": [{"lang": "en", "type": "reporter", "value": "Eric Bester"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"cpes": ["cpe:2.3:a:tanium:service_interact:3.2.196:*:*:*:*:*:*:*", "cpe:2.3:a:tanium:service_interact:3.5.102:*:*:*:*:*:*:*", "cpe:2.3:a:tanium:service_interact:3.8.46:*:*:*:*:*:*:*"], "vendor": "Tanium", "product": "Interact", "versions": [{"status": "affected", "version": "3.2.0", "lessThan": "3.2.202", "versionType": "custom"}, {"status": "affected", "version": "3.5.0", "lessThan": "3.5.108", "versionType": "custom"}, {"status": "affected", "version": "3.8.0", "lessThan": "3.8.47", "versionType": "custom"}]}], "datePublic": "2026-04-22T01:46:08.322Z", "references": [{"url": "https://security.tanium.com/TAN-2026-010", "name": "TAN-2026-010"}], "dateAssigned": "2026-04-15T23:55:39.195Z", "descriptions": [{"lang": "en", "value": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "shortName": "Tanium", "dateUpdated": "2026-04-22T01:46:19.376Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6416", "state": "PUBLISHED", "dateUpdated": "2026-04-22T12:57:59.571Z", "dateReserved": "2026-04-15T23:55:39.808Z", "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512", "datePublished": "2026-04-22T01:46:19.376Z", "assignerShortName": "Tanium"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*", "matchCriteriaId": "933FD5D0-DA5F-4CE1-A367-D2E3A2690C51", "versionEndExcluding": "3.2.202", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*", "matchCriteriaId": "230312E3-7CAF-4CC7-A2ED-AD43993955A9", "versionEndExcluding": "3.5.108", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tanium:interact:*:*:*:*:*:*:*:*", "matchCriteriaId": "13988C7C-4A18-4490-B4B4-E65519A4E10C", "versionEndExcluding": "3.8.47", "versionStartIncluding": "3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tanium addressed an uncontrolled resource consumption vulnerability in Interact."}], "id": "CVE-2026-6416", "lastModified": "2026-05-06T18:38:17.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T03:16:01.643", "references": [{"source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "tags": ["Vendor Advisory"], "url": "https://security.tanium.com/TAN-2026-010"}], "sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "3938794e-25f5-4123-a1ba-5cbd7f104512", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.2.0,3.2.202)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.5.0,3.5.108)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.8.0,3.8.47)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Interact", "source": "cna", "vendor": "Tanium"}, "product": "interact", "vendor": "tanium"}, {"configurations": [{"platform": ["*"], "status": "affected", "versions": {"scheme": "semver", "value": "[3.2.0,3.2.202)"}}, {"platform": ["*"], "status": "affected", "versions": {"scheme": "semver", "value": "[3.5.0,3.5.108)"}}, {"platform": ["*"], "status": "affected", "versions": {"scheme": "semver", "value": "[3.8.0,3.8.47)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "service_interact", "vendor": "tanium"}], "analysis": {"en": {"generated_at": "2026-04-22T04:22:40.679061+00:00", "value": {"mitigation_remediation": ["Download and apply the latest Tanium Interact update that contains the resource\u2011usage fix.", "Restrict external access to the Interact service using firewall rules or VPNs to limit exposure to potential attackers.", "Configure application\u2011level resource limits or enable monitoring to detect abnormal CPU or memory usage patterns."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is Tanium Interact. Vulnerable releases include version 3.2.196, 3.5.102 and 3.8.46.", "description_and_impact": "Tanium Interact contains an uncontrolled resource consumption flaw (CWE\u2011400) that allows an attacker to cause the service to allocate excessive system resources. Such over\u2011consumption can result in degraded performance or a complete denial of service to legitimate users. The vulnerability is confined to the Interact component and does not directly lead to code execution or data exfiltration.", "risk_and_exploitability": "The CVSS score of 2.7 indicates a low severity risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting low likelihood of widespread exploitation. Based on the nature of the flaw, the attack vector is inferred to be remote or local access to the Interact service where a malicious client can trigger excessive resource usage. The impact is primarily to availability rather than confidentiality or integrity."}}}}, "created": "2026-04-22T04:30:05.159798+00:00", "updated": "2026-04-22T04:30:05.300247+00:00", "vendors": ["tanium", "tanium$PRODUCT$interact", "tanium$PRODUCT$service_interact"]}