Tanium Improper Access Control Vulnerability in Deploy and Patch Allowing Unauthorized Data Access
Vulnerability
An improper access control vulnerability has been identified in Tanium's Deploy and Patch products, specifically in Deploy versions 2.26 prior to 2.26.1253, 2.30 prior to 2.30.150, and Patch versions 3.17 prior to 3.17.2262 and 3.19 prior to 3.19.195. This vulnerability could enable an authenticated Tanium user with certain permissions to gain unauthorized read-only access to restricted data. In the Deploy product, this pertains to deployment-related information, while in the Patch product, it relates to patch list data.
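As an added example (not Tanium's code or tooling), the following Python sketch checks installed Deploy and Patch module versions against the fixed builds listed above. The inventory rows, host names and function names are constructed for illustration, and release branches the advisory does not mention are reported separately rather than assumed safe.

```python
# Fixed builds per product and release branch, taken from the advisory text.
FIXED_BUILDS = {
    "deploy": {(2, 26): 1253, (2, 30): 150},
    "patch": {(3, 17): 2262, (3, 19): 195},
}

def parse_version(text):
    """Parse 'major.minor.build[...]' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product, version):
    """Return 'affected', 'fixed', or 'branch-not-listed' for one module."""
    branches = FIXED_BUILDS.get(product.strip().lower())
    if branches is None:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    parsed = parse_version(version)
    fixed_build = branches.get(parsed[:2])
    if fixed_build is None:
        # The advisory names only specific branches; do not guess for others.
        return "branch-not-listed"
    return "affected" if parsed[2:] < (fixed_build,) else "fixed"

def triage(inventory):
    """Return (host, product, version, status) for rows that need follow-up."""
    findings = []
    for host, product, version in inventory:
        status = assess(product, version)
        if status != "fixed":
            findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("tanium-srv-01", "Deploy", "2.26.1200"),
    ("tanium-srv-01", "Patch", "3.17.2262"),
    ("tanium-srv-02", "Deploy", "2.30.150"),
    ("tanium-srv-02", "Patch", "3.19.101"),
    ("tanium-lab-01", "Patch", "3.18.40"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```
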
Impact
Exploitation of this vulnerability could result in unauthorized read access to sensitive deployment or patch-related data, depending on the affected product.
