CVE-2026-0925
Improper Input Validation in Tanium Discover Enables Potential Exploits
Publication date: 2026-01-26
Last updated on: 2026-03-09
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | discover | From 4.15 (inc) to 4.15.130 (exc) |
| tanium | discover | From 4.10 (inc) to 4.10.134 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0925 is an uncontrolled resource consumption vulnerability in Tanium Discover. It allows an authenticated user with Discover Settings Write permission to perform a denial of service (DoS) attack by exploiting improper input validation. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by enabling an authenticated user with the appropriate permissions to cause a denial of service (DoS) attack on Tanium Discover, potentially disrupting service availability. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Tanium Discover to the fixed versions: Update v20 (v4.10.134) or later for 2024H2, Update v13 (v4.10.134) or later for 2025H1, and Update v3 (v4.15.130) or later for 2025H2. No other workarounds or mitigations are available. [1]