Tanium Discover Improper Input Validation Vulnerability Allowing SQL Query Manipulation

Vulnerability

An improper input validation vulnerability has been identified in Tanium Discover, prior to version 4.10.90. This vulnerability could enable an authenticated Tanium user with the 'Discover - API Execute' permission to manipulate the SQL query executed by the Discover service.

Impact

Exploitation of this vulnerability could allow for unauthorized modification of SQL queries, potentially leading to SQL injection or other database-related attacks.

Added: Feb 5, 2026, 7:32 PM

Updated: Feb 5, 2026, 8:58 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tanium Discover Improper Input Validation Vulnerability Allowing SQL Query Manipulation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating