CVE-2026-2350
Received Received - Intake

Sensitive Data Exposure via Log Injection in Tanium Interact and TDS

Vulnerability report for CVE-2026-2350, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-20

Last updated on: 2026-02-27

Assigner: Tanium

Description

Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-20
Last Modified
2026-02-27
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tanium interact From 3.2.0 (inc) to 3.2.196 (exc)
tanium interact From 3.5.0 (inc) to 3.5.102 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-2350 is a medium-severity vulnerability affecting Tanium Interact and Tanium Data Service (TDS) products. It involves the insertion of sensitive information, such as session data and API tokens, into TDS log files.

An attacker who gains access to these log files could read this sensitive data, potentially compromising security.

The vulnerability affects specific versions of Tanium Interact and TDS prior to certain updates, and it has been fixed in later versions.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can impact you by exposing sensitive information such as session data and API tokens through log files.'}, {'type': 'paragraph', 'content': "If an attacker accesses these logs, they could use the exposed tokens and session data to compromise your system's security."}, {'type': 'paragraph', 'content': 'This could lead to unauthorized access or actions within your Tanium environment.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you should review the Tanium Data Service (TDS) log files for entries containing sensitive information such as session data and API tokens.'}, {'type': 'paragraph', 'content': 'Specifically, look for log entries containing the pattern "token-" which indicates the presence of API tokens in the logs.'}, {'type': 'paragraph', 'content': 'A suggested command to search for these tokens in log files on a Unix-like system could be:'}, {'type': 'list_item', 'content': 'grep -r "token-" /path/to/tds/logs/'}, {'type': 'paragraph', 'content': 'Replace "/path/to/tds/logs/" with the actual directory path where TDS logs are stored.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include upgrading affected Tanium products to fixed versions:'}, {'type': 'list_item', 'content': 'For 2024H2 Release: Upgrade Interact to Update 21 (v3.2.196) or later.'}, {'type': 'list_item', 'content': 'For 2025H1 Release: Upgrade Interact to Update 14 (v3.5.102) or later.'}, {'type': 'list_item', 'content': 'For 2025H2 Release: Upgrade TDS to Update 5 (v4.1.257) or later.'}, {'type': 'paragraph', 'content': 'Additional recommended actions for Tanium On-premises users:'}, {'type': 'list_item', 'content': 'Rotate credentials for the TDS service account.'}, {'type': 'list_item', 'content': 'Stop the Tanium Server service for at least 10 minutes or the session timeout duration to invalidate existing sessions; in active-active deployments, stop the service on both servers simultaneously.'}, {'type': 'list_item', 'content': 'Review TDS logs for entries containing the "token-" pattern and rotate any API tokens found in the logs.'}, {'type': 'paragraph', 'content': 'For Tanium Cloud users, rotate all API tokens.'}, {'type': 'paragraph', 'content': 'No other workarounds or mitigations are provided.'}] [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2350. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart