Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for TanOS by Tanium
CVE-2026-2605 (GCVE-0-2026-2605)
Vulnerability from nvd – Published: 2026-02-19 23:10 – Updated: 2026-03-02 15:51
VLAI?
Title
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Severity ?
5.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Date Public ?
2026-02-19 23:09
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:51:21.997907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:51:41.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0249",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0282",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
},
{
"lessThan": "1.8.6.0150",
"status": "affected",
"version": "1.8.6",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-16T21:37:14.785Z",
"datePublic": "2026-02-19T23:09:49.159Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:13:38.465Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-006",
"url": "https://security.tanium.com/TAN-2026-006"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2605",
"datePublished": "2026-02-19T23:10:02.867Z",
"dateReserved": "2026-02-16T21:37:15.555Z",
"dateUpdated": "2026-03-02T15:51:41.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15323 (GCVE-0-2025-15323)
Vulnerability from nvd – Published: 2026-02-05 18:12 – Updated: 2026-02-06 19:20
VLAI?
Title
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0199
(custom)
Affected: 1.8.4.0 , < 1.8.4.0205 (custom) Affected: 1.8.5.0 , < 1.8.5.0236 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:* |
Date Public ?
2025-10-02 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:20:26.658499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:20:34.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0199",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0205",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0236",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:02.561Z",
"datePublic": "2025-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:12:21.517Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-031",
"url": "https://security.tanium.com/TAN-2025-031"
}
],
"title": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15323",
"datePublished": "2026-02-05T18:12:21.517Z",
"dateReserved": "2025-12-29T23:13:02.858Z",
"dateUpdated": "2026-02-06T19:20:34.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15321 (GCVE-0-2025-15321)
Vulnerability from nvd – Published: 2026-02-05 18:20 – Updated: 2026-02-06 17:37
VLAI?
Title
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0196
(custom)
Affected: 1.8.5.0 , < 1.8.5.0199 (custom) Affected: 1.8.5.0 , < 1.8.5.0227 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:* |
Date Public ?
2025-08-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:17.139008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:27.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0196",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0199",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0227",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:00.595Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:39.404Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-024",
"url": "https://security.tanium.com/TAN-2025-024"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15321",
"datePublished": "2026-02-05T18:20:39.404Z",
"dateReserved": "2025-12-29T23:13:00.749Z",
"dateUpdated": "2026-02-06T17:37:27.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15312 (GCVE-0-2025-15312)
Vulnerability from nvd – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:02
VLAI?
Title
Tanium addressed an improper output sanitization vulnerability in TanOS.
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
Severity ?
6.6 (Medium)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0157 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:* |
Date Public ?
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:02:02.740803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:02:11.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0157",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.375Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:06.378Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-003",
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15312",
"datePublished": "2026-02-05T18:26:06.378Z",
"dateReserved": "2025-12-29T23:12:53.559Z",
"dateUpdated": "2026-02-06T19:02:11.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15311 (GCVE-0-2025-15311)
Vulnerability from nvd – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:01
VLAI?
Title
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Severity ?
7.8 (High)
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0149 (custom) Affected: 1.8.5.0 , < 1.8.5.0212 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:* |
Date Public ?
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:01:19.848854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:01:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0149",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0212",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:52.865Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:23.251Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-002",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15311",
"datePublished": "2026-02-05T18:26:23.251Z",
"dateReserved": "2025-12-29T23:12:53.054Z",
"dateUpdated": "2026-02-06T19:01:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13225 (GCVE-0-2025-13225)
Vulnerability from nvd – Published: 2025-11-19 02:44 – Updated: 2026-02-05 18:08
VLAI?
Title
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Summary
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Severity ?
5.6 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Date Public ?
2025-11-18 23:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:48:19.485366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:48:30.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0228:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0261:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0229",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0262",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-11-14T18:09:22.035Z",
"datePublic": "2025-11-18T23:53:45.523Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:08:22.929Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-036",
"url": "https://security.tanium.com/TAN-2025-036"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-13225",
"datePublished": "2025-11-19T02:44:55.622Z",
"dateReserved": "2025-11-15T00:07:09.359Z",
"dateUpdated": "2026-02-05T18:08:22.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2605 (GCVE-0-2026-2605)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-03-02 15:51
VLAI?
Title
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Severity ?
5.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Date Public ?
2026-02-19 23:09
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:51:21.997907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:51:41.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0249",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0282",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
},
{
"lessThan": "1.8.6.0150",
"status": "affected",
"version": "1.8.6",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-16T21:37:14.785Z",
"datePublic": "2026-02-19T23:09:49.159Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:13:38.465Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-006",
"url": "https://security.tanium.com/TAN-2026-006"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2605",
"datePublished": "2026-02-19T23:10:02.867Z",
"dateReserved": "2026-02-16T21:37:15.555Z",
"dateUpdated": "2026-03-02T15:51:41.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15311 (GCVE-0-2025-15311)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:01
VLAI?
Title
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Severity ?
7.8 (High)
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0149 (custom) Affected: 1.8.5.0 , < 1.8.5.0212 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:* |
Date Public ?
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:01:19.848854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:01:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0149",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0212",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:52.865Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:23.251Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-002",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15311",
"datePublished": "2026-02-05T18:26:23.251Z",
"dateReserved": "2025-12-29T23:12:53.054Z",
"dateUpdated": "2026-02-06T19:01:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15312 (GCVE-0-2025-15312)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:02
VLAI?
Title
Tanium addressed an improper output sanitization vulnerability in TanOS.
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
Severity ?
6.6 (Medium)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0157 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:* |
Date Public ?
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:02:02.740803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:02:11.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0157",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.375Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:06.378Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-003",
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15312",
"datePublished": "2026-02-05T18:26:06.378Z",
"dateReserved": "2025-12-29T23:12:53.559Z",
"dateUpdated": "2026-02-06T19:02:11.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15321 (GCVE-0-2025-15321)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:20 – Updated: 2026-02-06 17:37
VLAI?
Title
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0196
(custom)
Affected: 1.8.5.0 , < 1.8.5.0199 (custom) Affected: 1.8.5.0 , < 1.8.5.0227 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:* |
Date Public ?
2025-08-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:17.139008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:27.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0196",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0199",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0227",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:00.595Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:39.404Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-024",
"url": "https://security.tanium.com/TAN-2025-024"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15321",
"datePublished": "2026-02-05T18:20:39.404Z",
"dateReserved": "2025-12-29T23:13:00.749Z",
"dateUpdated": "2026-02-06T17:37:27.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15323 (GCVE-0-2025-15323)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:12 – Updated: 2026-02-06 19:20
VLAI?
Title
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0199
(custom)
Affected: 1.8.4.0 , < 1.8.4.0205 (custom) Affected: 1.8.5.0 , < 1.8.5.0236 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:* |
Date Public ?
2025-10-02 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:20:26.658499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:20:34.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0199",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0205",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0236",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:02.561Z",
"datePublic": "2025-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:12:21.517Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-031",
"url": "https://security.tanium.com/TAN-2025-031"
}
],
"title": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15323",
"datePublished": "2026-02-05T18:12:21.517Z",
"dateReserved": "2025-12-29T23:13:02.858Z",
"dateUpdated": "2026-02-06T19:20:34.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13225 (GCVE-0-2025-13225)
Vulnerability from cvelistv5 – Published: 2025-11-19 02:44 – Updated: 2026-02-05 18:08
VLAI?
Title
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Summary
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Severity ?
5.6 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Date Public ?
2025-11-18 23:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:48:19.485366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:48:30.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0228:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0261:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0229",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0262",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-11-14T18:09:22.035Z",
"datePublic": "2025-11-18T23:53:45.523Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:08:22.929Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-036",
"url": "https://security.tanium.com/TAN-2025-036"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-13225",
"datePublished": "2025-11-19T02:44:55.622Z",
"dateReserved": "2025-11-15T00:07:09.359Z",
"dateUpdated": "2026-02-05T18:08:22.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}