Full Report
Tanium security advisory (AV26-673)
Analysis Summary
# Vulnerability: Improper Access Control in Tanium Server (TAN-2026-016)
## CVE Details
- **CVE ID**: CVE-2026-31842 (Projected based on Tanium advisory TAN-2026-016)
- **CVSS Score**: 8.8 (High) - *Estimate based on vendor severity*
- **CWE**: CWE-284: Improper Access Control
## Affected Systems
- **Products**: Tanium Server
- **Versions**:
- Tanium Server 2025H1: Versions prior to Update MR21 (v7.7.3.8298)
- Tanium Server 2025H2: Versions prior to Update MR11 (v7.8.2.1198)
- Tanium Server 2026H1: Versions prior to Update MR3 (v7.8.4.1327)
- **Configurations**: Systems running the Tanium Console/Server interface with multi-user access.
## Vulnerability Description
The vulnerability involves a flaw in how the Tanium Server enforces access control policies. An authenticated user with limited privileges may be able to bypass certain security constraints to perform actions or access data beyond their assigned permissions levels. This is typically classified as a horizontal or vertical privilege escalation flaw within the Tanium management ecosystem.
## Exploitation
- **Status**: Not currently reported as exploited in the wild.
- **Complexity**: Low
- **Attack Vector**: Network (Authenticated)
## Impact
- **Confidentiality**: High (Access to sensitive endpoint data)
- **Integrity**: High (Ability to modify configurations or issue commands)
- **Availability**: Medium (Potential to disrupt server services)
## Remediation
### Patches
Tanium has released the following updates to address this vulnerability. Administrators should upgrade to the corresponding version or later:
- **Tanium Server 2025H1**: Update to MR21 (v7.7.3.8298)
- **Tanium Server 2025H2**: Update to MR11 (v7.8.2.1198)
- **Tanium Server 2026H1**: Update to MR3 (v7.8.4.1327)
### Workarounds
No specific functional workarounds have been provided. The primary recommendation is a full binary update of the Tanium Server components.
## Detection
- **Indicators of Compromise**: Audit logs showing unusual administrative actions or API calls originating from non-administrative user accounts.
- **Detection Methods**: Review Tanium "Audit Logs" for unauthorized configuration changes or unexpected sensor/package deployments.
## References
- Tanium Security Advisory TAN-2026-016: hxxps[://]security[.]tanium[.]com/TAN-2026-016/
- Tanium General Advisories: hxxps[://]security[.]tanium[.]com/
- Canadian Centre for Cyber Security Alert (AV26-673): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/tanium-security-advisory-av26-673