CVE-2026-9156
Denial of Service Vulnerability in Tanium Server
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | tanium_server | to 7.6.4.2190 (exc) |
| tanium | tanium_server | to 7.7.3.8274 (exc) |
| tanium | tanium_server | to 7.8.2.1176 (exc) |
| tanium | tanium_server | to 7.8.4.1298 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-772 | The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-9156 is a medium-severity denial of service vulnerability in Tanium Server. It allows an unauthenticated attacker with network access to send specially crafted malicious messages that exhaust the server's file descriptors and memory resources.
This exhaustion of resources can cause the Tanium Server to become unresponsive or crash, disrupting its normal operation.
How can this vulnerability impact me? :
The vulnerability can lead to a denial of service condition on the Tanium Server, making it unavailable to legitimate users.
This disruption can affect the availability of services and data managed by the Tanium Server, potentially impacting business operations that rely on it.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to apply the available patches for Tanium Server.
- For the 2024H2 release, update to Update 25 (v7.6.4.2190) or later.
- For the 2025H1 release, update to Update 19 (v7.7.3.8274) or later.
- For the 2025H2 release, update to Update 9 (v7.8.2.1176) or later.
- For the 2026H1 release, update to Update 0 (v7.8.4.1298) or later.
No workarounds or other mitigations are provided.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any impact of this denial of service vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.