CVE-2026-1344
Insecure File Permissions in Tanium Enforce Recovery Key Portal
Publication date: 2026-02-18
Last updated on: 2026-03-09
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | enforce_recovery_key_portal | From 1.0.0 (inc) to 1.62.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1344 is a medium severity vulnerability affecting the Tanium Enforce Recovery Key Portal versions from v1.0.0 up to but not including v1.62.5.
The vulnerability arises from insecure file permissions that could allow an attacker with local access to the system hosting the portal to gain unauthorized read-only access to sensitive data.
It requires low privileges and no user interaction, but the attack vector is local, meaning the attacker must have local access to the system.
The vulnerability impacts confidentiality with high severity but does not affect integrity or availability.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with local access to the system hosting the Enforce Recovery Key Portal to gain unauthorized read-only access to sensitive data.
Such unauthorized access could lead to exposure of confidential information, potentially compromising security and privacy.
However, the attacker cannot modify data or disrupt system availability through this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability arises from insecure file permissions on the system hosting the Enforce Recovery Key Portal, which could allow unauthorized local read-only access to sensitive data.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability, you should check the file permissions of the installation folder and related files of the Enforce Recovery Key Portal to ensure they are not overly permissive.'}, {'type': 'list_item', 'content': "Use commands like 'ls -l' on Unix/Linux systems to inspect file permissions in the installation directory."}, {'type': 'list_item', 'content': 'Verify that only authorized users have read access to sensitive files related to the portal.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local access, monitoring for unauthorized local access attempts or unexpected permission changes can also help detect exploitation.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Enforce Recovery Key Portal to version 1.62.5 or later, where this vulnerability has been addressed.
If you suspect unauthorized access to the installation folder, immediately rotate the server key, API token, and recovery keys to prevent further unauthorized data access.
No other workarounds or acknowledgements were provided, so updating and key rotation are critical.