CVE-2026-1292
Sensitive Data Exposure via Log Injection in Tanium Trends
Publication date: 2026-02-20
Last updated on: 2026-02-27
Assigner: Tanium
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | trends | From 3.10.0 (inc) to 3.10.20 (exc) |
| tanium | trends | From 3.11.0 (inc) to 3.11.79 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1292 is a medium-severity vulnerability in the Tanium Trends module that involves the insertion of sensitive information into log files.
This flaw allows an attacker with access to Trends module logs to read sensitive data such as sessions and API tokens.
The vulnerability affects specific versions of Tanium Trends prior to certain updates in the 2024H2, 2025H1, and 2025H2 releases.
How can this vulnerability impact me?
An attacker who can access the Trends module logs may be able to obtain sensitive information such as session details and API tokens.
This could lead to unauthorized access to the system or services that use these tokens, potentially compromising security.
For Tanium On-prem users, this requires additional mitigations such as rotating service account credentials and reviewing logs for exposed tokens.
For Tanium Cloud users, rotating all API tokens is recommended to mitigate the impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the insertion of sensitive information such as sessions and API tokens into Tanium Trends module log files. Detection involves reviewing the Trends logs for any logged API tokens or sensitive session data.
Examine the Trends logs to determine whether any sensitive information has been recorded. A text search utility such as grep can be used to search the log files for API tokens or session data.
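The log review described above can be scripted so that the review output does not itself repeat the leaked values. The following is an added example, not Tanium tooling: the key names, the value pattern and the sample log lines are assumptions constructed for illustration, since the advisory does not give the Trends log format.

```python
import hashlib
import re
import sys

# ASSUMED key names and value shape: the advisory does not give the Trends log
# format, so tune this pattern against your own logs before trusting a clean result.
SECRET_RE = re.compile(r"""(?ix)
    \b(session|api[_-]?token|authorization|token) ["']? \s*[:=]\s* ["']?
    (?:bearer\s+)? ([A-Za-z0-9._~+/-]{16,})""")

# Constructed sample lines (not real Trends output, not real tokens).
SAMPLE = [
    "2026-02-01T10:00:00Z INFO trends request ok path=/boards",
    "2026-02-01T10:00:01Z DEBUG trends headers session: token-0123456789abcdef0123456789abcdef",
    "2026-02-01T10:00:05Z DEBUG trends retry session: token-0123456789abcdef0123456789abcdef",
    '2026-02-01T10:01:00Z DEBUG trends auth {"api_token": "AAAABBBBCCCCDDDDEEEEFFFF"}',
    "2026-02-01T10:02:00Z INFO trends session=short",
]

def fingerprint(secret):
    """Short SHA-256 prefix: count distinct secrets without displaying them."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def redact(line):
    """Keep the key and surrounding context, drop the secret value."""
    return SECRET_RE.sub(
        lambda m: m.group(0)[: m.start(2) - m.start(0)] + "[REDACTED]", line)

def scan_lines(lines, source="<sample>"):
    findings = []
    for number, line in enumerate(lines, 1):
        for m in SECRET_RE.finditer(line):
            findings.append({"source": source, "line": number,
                             "key": m.group(1).lower(), "fp": fingerprint(m.group(2)),
                             "redacted": redact(line.rstrip("\n"))})
    return findings

def distinct_secrets(findings):
    """One fingerprint per unique value, i.e. one token or session to rotate."""
    return sorted({f["fp"] for f in findings})

if __name__ == "__main__":
    findings = []
    for path in sys.argv[1:]:  # log files to review; none given -> sample
        with open(path, errors="replace") as fh:
            findings += scan_lines(fh, source=path)
    findings = findings or scan_lines(SAMPLE)
    for f in findings:
        print(f'{f["source"]}:{f["line"]} {f["key"]} fp={f["fp"]} {f["redacted"]}')
    print(f"{len(distinct_secrets(findings))} distinct value(s) to rotate")
```

Matching fingerprints across files show the same value logged repeatedly, so the distinct count is the number of tokens or sessions to rotate rather than the number of hits.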
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Tanium Trends module to a fixed version: Update 20 (v3.10.20) or later for 2024H2, Update 13 (v3.11.79) or later for 2025H1, and Update 3 (v3.11.79) or later for 2025H2.
For Tanium On-prem users, additional mitigations:
- Rotate Trends service account credentials.
- Stop the Tanium Server service for at least 10 minutes to invalidate sessions (both servers concurrently in active-active deployments).
- Review Trends logs for any logged API tokens and rotate those tokens if found.
For Tanium Cloud users, rotate all API tokens.