CVE-2026-9207
Unauthorized Code Execution in Tanium Connect
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | connect | to 5.26.191 (exc) |
| tanium | connect | to 5.29.237 (exc) |
| tanium | connect | to 5.37.140 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-9207 is an unauthorized code execution vulnerability in Tanium Connect. It allows an authenticated Tanium user who has the Connect Write permission to execute unauthorized code within the context of the Connect service running on the Tanium Module Server. This vulnerability specifically affects customers running the Tanium Module Server on Windows.
The affected versions include the 2024H2 Release (Connect prior to Update 25 v5.26.191), the 2025H1 Release (Connect prior to Update 19 v5.29.237), and the 2025H2 Release (Connect prior to Update 9 v5.37.140).
Tanium has released updates to address this vulnerability, but no workarounds or mitigations are provided.
How can this vulnerability impact me? :
This vulnerability can have a significant impact as it allows an authenticated user with certain permissions to execute unauthorized code on the Tanium Module Server. This could lead to full compromise of the Connect service, potentially affecting confidentiality, integrity, and availability of the system.
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Because the vulnerability requires authentication with specific permissions, the risk is limited to users who already have Connect Write permission, but the severity remains high due to the level of control gained.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your Tanium Connect product to a fixed version. The affected versions are prior to Update 25 (v5.26.191) for the 2024H2 Release, prior to Update 19 (v5.29.237) for the 2025H1 Release, and prior to Update 9 (v5.37.140) for the 2025H2 Release. Additionally, for the 2026H1 Release, update to Update 0 (v5.47.95) or later.
No workarounds or other mitigations are provided.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the unauthorized code execution vulnerability in Tanium Connect (CVE-2026-9207) affects compliance with common standards and regulations such as GDPR or HIPAA.