Primary

Context

Tanium Asset SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Tanium Asset, affecting multiple release versions prior to specific update releases. This vulnerability allows an authenticated Tanium user with the Asset Report Write permission to read, create, or modify objects in the Asset database that they may not typically have access to.

Impact

Exploitation of this vulnerability could lead to unauthorized reading, creation, or modification of objects in the Asset database, bypassing normal access controls.

Remediation

Users can update to Asset version 1.32.179 or later, version 1.33.269 or later, or version 1.36.108 or later, depending on their current release.

Added: Feb 20, 2026, 12:18 AM

Updated: Feb 20, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tanium Asset SQL Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating