CVE-2026-1344
📋 TL;DR
CVE-2026-1344 is an insecure file permissions vulnerability in Tanium's Enforce Recovery Key Portal that could allow unauthorized users to access sensitive files. This affects organizations using Tanium's endpoint management platform with the Enforce module enabled. Attackers could potentially read or modify critical system files.
💻 Affected Systems
- Tanium Enforce Recovery Key Portal
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to the Tanium server, compromise all managed endpoints, and exfiltrate sensitive organizational data.
Likely Case
Unauthorized users access sensitive configuration files, potentially leading to credential theft or system manipulation.
If Mitigated
Proper file permission controls and network segmentation prevent exploitation, limiting impact to isolated systems.
🎯 Exploit Status
Exploitation requires some level of access to the Tanium server environment.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Tanium Enforce 7.5.6 or later
Vendor Advisory: https://security.tanium.com/TAN-2026-003
Restart Required: Yes
Instructions:
1. Download Tanium Enforce version 7.5.6 or later from Tanium support portal. 2. Backup current configuration. 3. Install the update following Tanium's deployment guide. 4. Restart Tanium services.
🔧 Temporary Workarounds
Restrict File Permissions
linuxManually adjust file permissions on Tanium Enforce directories to restrict access.
chmod 750 /opt/Tanium/TaniumEnforce/
chown tanium:tanium /opt/Tanium/TaniumEnforce/ -R
Network Segmentation
allIsolate Tanium servers from general network access.
🧯 If You Can't Patch
- Implement strict access controls and monitor file access attempts on Tanium servers.
- Disable the Recovery Key Portal feature if not required for operations.
🔍 How to Verify
Check if Vulnerable:
Check Tanium Enforce version via Tanium Console or run: tanium-enforce --versionCheck Version:
tanium-enforce --versionVerify Fix Applied:
Verify version is 7.5.6 or later and check file permissions on Enforce directories.📡 Detection & Monitoring
Log Indicators:
- Unauthorized file access attempts in Tanium audit logs
- Permission change events on Tanium directories
Network Indicators:
- Unusual connections to Tanium server on non-standard ports
SIEM Query:
source="tanium" AND (event_type="file_access" OR event_type="permission_change") AND target_path="*TaniumEnforce*"