CVE-2026-2350
Sensitive Data Exposure via Log Injection in Tanium Interact and TDS
Publication date: 2026-02-20
Last updated on: 2026-02-27
Assigner: Tanium
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | interact | From 3.2.0 (inc) to 3.2.196 (exc) |
| tanium | interact | From 3.5.0 (inc) to 3.5.102 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2350 is a medium-severity vulnerability affecting Tanium Interact and Tanium Data Service (TDS) products. It involves the insertion of sensitive information, such as session data and API tokens, into TDS log files.
An attacker who gains access to these log files could read this sensitive data, potentially compromising security.
The vulnerability affects specific versions of Tanium Interact and TDS prior to certain updates, and it has been fixed in later versions.
How can this vulnerability impact me?
This vulnerability can impact you by exposing sensitive information such as session data and API tokens through log files.
If an attacker accesses these logs, they could use the exposed tokens and session data to compromise your system's security.
This could lead to unauthorized access or actions within your Tanium environment. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability on your system, you should review the Tanium Data Service (TDS) log files for entries containing sensitive information such as session data and API tokens.
Specifically, look for log entries containing the pattern "token-" which indicates the presence of API tokens in the logs.
A suggested command to search for these tokens in log files on a Unix-like system could be:
- grep -r "token-" /path/to/tds/logs/
Replace "/path/to/tds/logs/" with the actual directory path where TDS logs are stored. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading affected Tanium products to fixed versions:
- For 2024H2 Release: Upgrade Interact to Update 21 (v3.2.196) or later.
- For 2025H1 Release: Upgrade Interact to Update 14 (v3.5.102) or later.
- For 2025H2 Release: Upgrade TDS to Update 5 (v4.1.257) or later.
Additional recommended actions for Tanium On-premises users:
- Rotate credentials for the TDS service account.
- Stop the Tanium Server service for at least 10 minutes or the session timeout duration to invalidate existing sessions; in active-active deployments, stop the service on both servers simultaneously.
- Review TDS logs for entries containing the "token-" pattern and rotate any API tokens found in the logs.
For Tanium Cloud users, rotate all API tokens.
No other workarounds or mitigations are provided. [1]
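
The log review described in the detection and mitigation answers above, as an added example that is not part of the original page or Tanium's own tooling: it counts "token-" hits per log file and reports each token only as a short SHA-256 fingerprint, so the review does not copy the secrets somewhere new. The function names and the token character set in `TOKEN_RE` are assumptions; the page gives only the "token-" prefix.

```shell
#!/bin/sh
# Added example (not Tanium tooling): inventory "token-" hits in TDS logs
# without copying the secrets into another file or terminal scrollback.
#
# Assumption: a token is "token-" followed by letters, digits, "_" or "-".
# The page only gives the "token-" prefix; adjust TOKEN_RE to your logs.
TOKEN_RE='token-[A-Za-z0-9_-]+'

# fingerprint: read a value on stdin, print the first 12 hex digits of its SHA-256.
fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi |
        cut -c1-12
}

# scan_tds_logs DIR
# Prints "<hits> <fingerprint> <file>" for each distinct token in each log file,
# including gzip-rotated logs. The token value itself is never printed.
# File names containing newlines are not supported.
scan_tds_logs() (
    find "$1" -type f | while IFS= read -r file; do
        case $file in
            *.gz) gzip -cd -- "$file" ;;
            *)    cat -- "$file" ;;
        esac | grep -aoE "$TOKEN_RE" | sort | uniq -c |
        while read -r hits tok; do
            printf '%s %s %s\n' "$hits" "$(printf '%s' "$tok" | fingerprint)" "$file"
        done
    done
)

# Usage: sh scan.sh /path/to/tds/logs/
if [ "$#" -gt 0 ]; then
    scan_tds_logs "$1"
fi
```

To map a fingerprint back to a token you manage, pipe that token's value through `fingerprint` and compare the 12 hex digits; every token that matches a line of the report is one to rotate.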