CVE-2026-1344
Received Received - Intake
Insecure File Permissions in Tanium Enforce Recovery Key Portal

Publication date: 2026-02-18

Last updated on: 2026-03-09

Assigner: Tanium

Description
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1344
EUVD
EUVD-2026-8065
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tanium enforce_recovery_key_portal From 1.0.0 (inc) to 1.62.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1344 is a medium severity vulnerability affecting the Tanium Enforce Recovery Key Portal versions from v1.0.0 up to but not including v1.62.5.

The vulnerability arises from insecure file permissions that could allow an attacker with local access to the system hosting the portal to gain unauthorized read-only access to sensitive data.

It requires low privileges and no user interaction, but the attack vector is local, meaning the attacker must have local access to the system.

The vulnerability impacts confidentiality with high severity but does not affect integrity or availability.

Impact Analysis

This vulnerability can allow an attacker with local access to the system hosting the Enforce Recovery Key Portal to gain unauthorized read-only access to sensitive data.

Such unauthorized access could lead to exposure of confidential information, potentially compromising security and privacy.

However, the attacker cannot modify data or disrupt system availability through this vulnerability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability arises from insecure file permissions on the system hosting the Enforce Recovery Key Portal, which could allow unauthorized local read-only access to sensitive data.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability, you should check the file permissions of the installation folder and related files of the Enforce Recovery Key Portal to ensure they are not overly permissive.'}, {'type': 'list_item', 'content': "Use commands like 'ls -l' on Unix/Linux systems to inspect file permissions in the installation directory."}, {'type': 'list_item', 'content': 'Verify that only authorized users have read access to sensitive files related to the portal.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local access, monitoring for unauthorized local access attempts or unexpected permission changes can also help detect exploitation.'}] [1]

Mitigation Strategies

The primary mitigation step is to update the Enforce Recovery Key Portal to version 1.62.5 or later, where this vulnerability has been addressed.

If you suspect unauthorized access to the installation folder, immediately rotate the server key, API token, and recovery keys to prevent further unauthorized data access.

No other workarounds or acknowledgements were provided, so updating and key rotation are critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1344. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart