CVE-2026-0925
Unknown Unknown - Not Provided
Improper Input Validation in Tanium Discover Enables Potential Exploits

Publication date: 2026-01-26

Last updated on: 2026-03-09

Assigner: Tanium

Description
Tanium addressed an improper input validation vulnerability in Discover.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0925
EUVD
EUVD-2026-4676
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tanium discover From 4.15 (inc) to 4.15.130 (exc)
tanium discover From 4.10 (inc) to 4.10.134 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0925 is an uncontrolled resource consumption vulnerability in Tanium Discover. It allows an authenticated user with Discover Settings Write permission to perform a denial of service (DoS) attack by exploiting improper input validation. [1]

Impact Analysis

This vulnerability can impact you by enabling an authenticated user with the appropriate permissions to cause a denial of service (DoS) attack on Tanium Discover, potentially disrupting service availability. [1]

Mitigation Strategies

To mitigate this vulnerability, you should update Tanium Discover to the fixed versions: Update v20 (v4.10.134) or later for 2024H2, Update v13 (v4.10.134) or later for 2025H1, and Update v3 (v4.15.130) or later for 2025H2. No other workarounds or mitigations are available. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0925. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart