CVE-2026-6416
Received Received - Intake
Uncontrolled Resource Consumption in Tanium Interact Causes Denial of Service

Publication date: 2026-04-22

Last updated on: 2026-05-06

Assigner: Tanium

Description
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6416
EUVD
EUVD-2026-24597
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tanium interact From 3.2.0 (inc) to 3.2.202 (exc)
tanium interact From 3.5.0 (inc) to 3.5.108 (exc)
tanium interact From 3.8.0 (inc) to 3.8.47 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should update Tanium Interact to a fixed version. The vulnerability is addressed in Update 23 (v3.2.202) and later for the 2024H2 release, Update 17 (v3.5.108) and later for the 2025H1 release, and Update 7 (v3.8.47) and later for the 2025H2 release.

No workarounds or other mitigations are provided.

Executive Summary

CVE-2026-6416 is an uncontrolled resource consumption vulnerability in Tanium Interact. It allows an authenticated user with the "Write Filter Group" permission to perform a denial of service (DoS) attack by exhausting system resources on the Interact workbench.

This vulnerability has a low severity with a CVSS 3.1 base score of 2.7.

Impact Analysis

The vulnerability can impact you by enabling a denial of service (DoS) attack on the Tanium Interact workbench. This means that an authenticated user with specific permissions can exhaust system resources, potentially causing the Interact service to become unavailable or degraded.

Mitigation Strategies

The vulnerability can be mitigated by applying the available updates to Tanium Interact.

  • Update to Update 23 (v3.2.202) or later for the 2024H2 release.
  • Update to Update 17 (v3.5.108) or later for the 2025H1 release.
  • Update to Update 7 (v3.8.47) or later for the 2025H2 release.

No workarounds or other mitigations are provided.

Executive Summary

CVE-2026-6416 is an uncontrolled resource consumption vulnerability in Tanium Interact. It allows an authenticated user with the "Write Filter Group" permission to perform a denial of service (DoS) attack by exhausting system resources on the Interact workbench.

This vulnerability affects versions of Interact prior to Update 23 (v3.2.202) in the 2024H2 release, prior to Update 17 (v3.5.108) in the 2025H1 release, and prior to Update 7 (v3.8.47) in the 2025H2 release.

Impact Analysis

The vulnerability can impact you by enabling a denial of service (DoS) attack on the Tanium Interact workbench. An attacker with the required permissions can exhaust system resources, potentially causing the service to become unavailable or degraded.

This could disrupt normal operations and affect availability of the Interact platform.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to apply the available updates for Tanium Interact.

  • Update to Update 23 (v3.2.202) or later for the 2024H2 release.
  • Update to Update 17 (v3.5.108) or later for the 2025H1 release.
  • Update to Update 7 (v3.8.47) or later for the 2025H2 release.

No workarounds or other mitigations are provided.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-6416 is an uncontrolled resource consumption vulnerability in Tanium Interact. It allows an authenticated user with the "Write Filter Group" permission to perform a denial of service (DoS) attack by exhausting system resources on the Interact workbench.

This vulnerability has a low severity with a CVSS 3.1 base score of 2.7.

Impact Analysis

The vulnerability can impact you by enabling a denial of service (DoS) attack on the Tanium Interact workbench. An authenticated user with specific permissions can exhaust system resources, potentially disrupting normal operations and availability of the Interact service.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Executive Summary

CVE-2026-6416 is an uncontrolled resource consumption vulnerability in Tanium Interact. It allows an authenticated user with the "Write Filter Group" permission to perform a denial of service (DoS) attack by exhausting system resources in the Interact workbench.

This vulnerability has a low severity with a CVSS 3.1 base score of 2.7.

Impact Analysis

The vulnerability can impact you by enabling a denial of service (DoS) attack on the Tanium Interact workbench, which could disrupt normal operations by exhausting system resources.

Only authenticated users with the "Write Filter Group" permission can exploit this vulnerability.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

The vulnerability can be mitigated by applying the available updates for Tanium Interact.

  • Update to Update 23 (v3.2.202) or later for the 2024H2 release.
  • Update to Update 17 (v3.5.108) or later for the 2025H1 release.
  • Update to Update 7 (v3.8.47) or later for the 2025H2 release.

No workarounds or other mitigations are provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6416. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart