CVE-2026-2605

5.3 MEDIUM

📋 TL;DR

Tanium's TanOS logs sensitive information that could be exposed to unauthorized users. This affects organizations using vulnerable Tanium deployments where logs are accessible to users with insufficient privileges.

💻 Affected Systems

Products:
  • Tanium TanOS
Versions: Specific versions not detailed in advisory; check Tanium security bulletin for exact range
Operating Systems: All platforms running Tanium
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default logging configuration of affected TanOS versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to sensitive credentials, API keys, or configuration data from log files, leading to lateral movement or full system compromise.

🟠 Likely Case

Internal users with log access discover sensitive operational data, potentially violating compliance requirements or enabling privilege escalation.

🟢 If Mitigated

Log files remain inaccessible to unauthorized users, limiting exposure to only administrators with proper access controls.

🌐 Internet-Facing: LOW - Log files are typically not exposed externally unless misconfigured.
🏢 Internal Only: MEDIUM - Internal users with log access could extract sensitive information if proper access controls aren't enforced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires access to log files containing sensitive data

Exploitation depends on attacker gaining access to log storage locations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tanium security advisory TAN-2026-006 for specific patched versions

Vendor Advisory: https://security.tanium.com/TAN-2026-006

Restart Required: Yes

Instructions:

1. Review Tanium advisory TAN-2026-006.
2. Update TanOS to patched version.
3. Restart Tanium services.
4. Verify logging no longer contains sensitive data.

🔧 Temporary Workarounds

Restrict log file access

linux

Apply strict file permissions to Tanium log directories to prevent unauthorized access

chmod 640 /var/log/tanium/*
chown root:tanium /var/log/tanium/*

Enable log encryption

all

Configure Tanium to encrypt sensitive log entries

🧯 If You Can't Patch

  • Implement strict access controls on log storage directories
  • Regularly audit and sanitize log files for sensitive information

🔍 How to Verify

Check if Vulnerable:

Review Tanium logs for presence of credentials, API keys, or other sensitive data in plaintext

Check Version:

tanium version

Verify Fix Applied:

After patching, confirm sensitive data is no longer logged in plaintext and check TanOS version
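
One way to script the log review and permission check described above, as an added example that is not Tanium tooling and not part of the advisory. The function names and sample log lines are constructed for illustration; pass a real log directory (for example the /var/log/tanium path from the workaround) as the first argument.

```shell
#!/bin/sh
# Added example, not Tanium tooling. Keywords mirror the page's SIEM query.
KEYWORDS='password|secret|api_key|token'

# Files granting any access to "other" or write access to group,
# i.e. looser than the 640 used in the workaround.
loose_perms() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \)
}

# Print file:line:keyword for each suspicious line. Only the matched keyword
# is printed, never the line, so the report does not become a second copy of
# the secret. Lines containing "encrypted" are skipped, as in the SIEM query.
scan_keywords() {
    find "$1" -type f -exec awk -v kw="$KEYWORDS" '
        { l = tolower($0) }
        l ~ kw && l !~ /encrypted/ {
            match(l, kw)
            printf "%s:%d:%s\n", FILENAME, FNR, substr(l, RSTART, RLENGTH)
        }' {} +
}

# Constructed sample logs (not real TanOS output) so the script runs offline.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'INFO service started' \
        'DEBUG auth request password=EXAMPLE-NOT-REAL' > "$d/app.log"
    printf '%s\n' 'INFO token=encrypted:AAAA' 'INFO heartbeat ok' > "$d/agent.log"
    chmod 644 "$d/app.log"
    chmod 640 "$d/agent.log"
    echo "$d"
}

# Returns 0 when the directory is clean, 1 when anything was reported.
audit_logs() {
    perms=$(loose_perms "$1")
    hits=$(scan_keywords "$1")
    if [ -n "$perms" ]; then echo "$perms" | sed 's/^/loose-mode: /'; fi
    if [ -n "$hits" ]; then echo "$hits" | sed 's/^/keyword: /'; fi
    [ -z "$perms$hits" ]
}

# Audit the directory given as $1, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then dir=$1; else dir=$(make_sample); fi
audit_logs "$dir" || echo "audit: findings above need review"
[ "$#" -gt 0 ] || rm -rf "$dir"
```

Running it before and after patching gives a comparable list of file and line locations to review, without echoing the logged values into the terminal or a ticket.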

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to log directories
  • Log files containing credentials or sensitive strings

Network Indicators:

  • Unusual access patterns to log storage locations

SIEM Query:

source="tanium_logs" AND (password OR secret OR api_key OR token) NOT encrypted
