PatchSiren cyber security CVE debrief
CVE-2026-9156 Tanium CVE debrief
Tanium addressed a denial of service vulnerability in Tanium Server. The vulnerability was published on 2026-05-27 with a CVSS 3.1 score of 6.5 (MEDIUM severity). The NVD entry indicates a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, though this vector appears inconsistent with the described denial of service impact—analysts should verify the official Tanium advisory for authoritative scoring details. The weakness is classified as CWE-772 (Missing Release of Resource after Effective Lifetime). No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA KEV. Organizations using Tanium Server should consult the vendor security advisory for patch availability and deployment guidance.
- Vendor: Tanium
- Product: Tanium Server
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Organizations running Tanium Server for endpoint management and security operations; security teams responsible for vulnerability management in enterprise endpoint protection platforms.
Technical summary
CVE-2026-9156 is a denial of service vulnerability in Tanium Server. The underlying weakness is a missing release of a resource after its effective lifetime (CWE-772), which can lead to resource exhaustion. Per the CVSS vector, the attack vector is network, attack complexity is low, and low privileges are required. Organizations should prioritize obtaining and applying patches from Tanium per its security advisory TAN-2026-013.
Defensive priority
medium
Recommended defensive actions
- Review Tanium security advisory TAN-2026-013 for official patch information and deployment instructions
- Verify actual CVSS scoring with vendor documentation due to vector/description inconsistency
- Assess Tanium Server deployment exposure to network-accessible attack vectors
- Monitor Tanium security channels for updated guidance or revised scoring
- Apply vendor-recommended patches according to organizational change management procedures
Evidence notes
CVE description states denial of service; CVSS vector from NVD source metadata shows C:H/I:N/A:N which suggests confidentiality impact rather than availability—this discrepancy warrants verification against the primary vendor source.
Official resources
- CVE-2026-9156 CVE record (CVE.org)
- CVE-2026-9156 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 3938794e-25f5-4123-a1ba-5cbd7f104512
2026-05-27