Tanium Server Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability has been identified in Tanium Server. This vulnerability exists in the 2024H2 release prior to Update 23, the 2025H1 release prior to Update 17, and the 2025H2 release prior to Update 7. The issue allows an authenticated user with the Administrator role or 'Write Downloader Authentication' permission to access credentials used for remote source download authentication.

Impact

Exploitation of this vulnerability could lead to unauthorized retrieval of download authentication credentials by an authenticated Tanium user with administrative privileges.

Remediation

Users can update to Tanium Server v7.6.4.2185 (Update 23), v7.7.3.8266 (Update 17), or v7.8.2.1168 (Update 7). Additionally, it is recommended to rotate any credentials that may have been compromised by a Tanium user with administrative rights or 'Write Downloader Authentication' permission.
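The version thresholds above can be checked against a server inventory. The following is an added example, not code from Tanium or from this page. It assumes that the first three version fields identify the release line and that the fourth field is the build number compared against the fixed build. Hostnames and any versions other than the three fixed builds are constructed sample data.

```python
# Added example: fixed builds are the ones named in the advisory. Treating the
# first three version fields as the release line is an assumption.
FIXED_BUILDS = {
    (7, 6, 4): ("2024H2 Update 23", 2185),
    (7, 7, 3): ("2025H1 Update 17", 8266),
    (7, 8, 2): ("2025H2 Update 7", 1168),
}


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(version_text):
    """Classify one server version as 'affected', 'fixed', or 'review'."""
    version = parse_version(version_text)
    if version is None:
        return "review", "unparseable version string"
    line, build = version[:3], version[3]
    if line not in FIXED_BUILDS:
        return "review", "release line not named in the advisory"
    label, fixed_build = FIXED_BUILDS[line]
    if build < fixed_build:
        return "affected", f"upgrade to {label} and rotate downloader credentials"
    return "fixed", f"at or past {label}; rotate credentials if exposed earlier"


def triage_inventory(inventory):
    """Map hostname -> (status, note) for a {hostname: version} inventory."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and non-advisory versions are made up).
SAMPLE_INVENTORY = {
    "tanium-prod-01": "7.6.4.2100",
    "tanium-prod-02": "v7.7.3.8266",
    "tanium-lab-01": "7.8.2.1000",
    "tanium-lab-02": "7.5.6.1095",
    "tanium-dr-01": "7.6.4",
}

if __name__ == "__main__":
    for host, (status, note) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status:9} {note}")
```

Versions on a release line the advisory does not name are returned as "review" rather than "fixed", since the page makes no statement about them.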

Added: Apr 22, 2026, 3:20 AM
Updated: Apr 22, 2026, 3:20 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.4
remediation: 7.9
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.