CVE-2026-9156
Description
Tanium addressed a denial of service vulnerability in Tanium Server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker with network access to the Tanium Server can exhaust file descriptors and memory via crafted messages, leading to denial of service.
Vulnerability
A denial of service vulnerability exists in Tanium Server, allowing an unauthenticated attacker with network access to send crafted messages that exhaust server file descriptors and memory. Affected versions include Tanium Server prior to Update 25 (v7.6.4.2190) for the 2024H2 release, prior to Update 19 (v7.7.3.8274) for the 2025H1 release, and prior to Update 9 (v7.8.2.1176) for the 2025H2 release [1].
Exploitation
An attacker with network access to the Tanium Server, requiring no authentication, can exploit this vulnerability by sending specially crafted messages to the server. This causes the server to exhaust its file descriptors and memory resources, leading to a denial of service condition [1].
Impact
Successful exploitation results in the exhaustion of server file descriptors and memory, causing a denial of service that may render the Tanium Server unresponsive or unable to process legitimate requests [1].
Mitigation
Tanium has addressed this vulnerability in the following fixed versions: Tanium Server v7.6.4.2190 (2024H2 Update 25), v7.7.3.8274 (2025H1 Update 19), v7.8.2.1176 (2025H2 Update 9), and v7.8.4.1298 (2026H1 Update 0). No workarounds are available [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.