CVE-2026-2350
Received Received - Intake
Sensitive Data Exposure via Log Injection in Tanium Interact and TDS

Publication date: 2026-02-20

Last updated on: 2026-02-27

Assigner: Tanium

Description
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2350
EUVD
EUVD-2026-8011
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tanium interact From 3.2.0 (inc) to 3.2.196 (exc)
tanium interact From 3.5.0 (inc) to 3.5.102 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2350 is a medium-severity vulnerability affecting Tanium Interact and Tanium Data Service (TDS) products. It involves the insertion of sensitive information, such as session data and API tokens, into TDS log files.

An attacker who gains access to these log files could read this sensitive data, potentially compromising security.

The vulnerability affects specific versions of Tanium Interact and TDS prior to certain updates, and it has been fixed in later versions.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can impact you by exposing sensitive information such as session data and API tokens through log files.'}, {'type': 'paragraph', 'content': "If an attacker accesses these logs, they could use the exposed tokens and session data to compromise your system's security."}, {'type': 'paragraph', 'content': 'This could lead to unauthorized access or actions within your Tanium environment.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you should review the Tanium Data Service (TDS) log files for entries containing sensitive information such as session data and API tokens.'}, {'type': 'paragraph', 'content': 'Specifically, look for log entries containing the pattern "token-" which indicates the presence of API tokens in the logs.'}, {'type': 'paragraph', 'content': 'A suggested command to search for these tokens in log files on a Unix-like system could be:'}, {'type': 'list_item', 'content': 'grep -r "token-" /path/to/tds/logs/'}, {'type': 'paragraph', 'content': 'Replace "/path/to/tds/logs/" with the actual directory path where TDS logs are stored.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include upgrading affected Tanium products to fixed versions:'}, {'type': 'list_item', 'content': 'For 2024H2 Release: Upgrade Interact to Update 21 (v3.2.196) or later.'}, {'type': 'list_item', 'content': 'For 2025H1 Release: Upgrade Interact to Update 14 (v3.5.102) or later.'}, {'type': 'list_item', 'content': 'For 2025H2 Release: Upgrade TDS to Update 5 (v4.1.257) or later.'}, {'type': 'paragraph', 'content': 'Additional recommended actions for Tanium On-premises users:'}, {'type': 'list_item', 'content': 'Rotate credentials for the TDS service account.'}, {'type': 'list_item', 'content': 'Stop the Tanium Server service for at least 10 minutes or the session timeout duration to invalidate existing sessions; in active-active deployments, stop the service on both servers simultaneously.'}, {'type': 'list_item', 'content': 'Review TDS logs for entries containing the "token-" pattern and rotate any API tokens found in the logs.'}, {'type': 'paragraph', 'content': 'For Tanium Cloud users, rotate all API tokens.'}, {'type': 'paragraph', 'content': 'No other workarounds or mitigations are provided.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2350. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart