Tanium Deploy Improper Input Validation Vulnerability Allowing Unauthorized Code Execution
Vulnerability
An improper input validation vulnerability has been identified in Tanium Deploy, specifically in versions prior to v2.26.1279 for the 7.4 and 7.5 releases, and in the 2024H2 release prior to Update 3 (v2.30.175). This vulnerability could enable an authenticated Tanium user with specific permissions to execute unauthorized code on all endpoints within the Deploy context.
Impact
Exploitation of this vulnerability could allow an authenticated user with the 'Deploy Deployment - Write' and 'Deploy Software Package - Write' permissions to execute unauthorized code on endpoints, affecting the Deploy application.
