Tanium Enforce Recovery Key Portal Insecure File Permissions Vulnerability (CVE-2026-1344)

## Critical Vulnerability Information * **CVE Number**: CVE-2026-1344 * **Tanium Number**: TAN-2026-003 * **Release Date**: February 17, 2026 * **Vulnerability Description**: Tanium discovered an insecure file permissions vulnerability. ## Vulnerability Severity * **Severity**: Medium * **Base Score**: 6.5 * **CVSS Vector**: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N ## Impact This vulnerability could allow an attacker with access to the system running the Enforce Recovery Key Portal to gain read-only access to data they should not have access to. ## Affected Products * Enforce Recovery Key Portal from v1.0.0 up to but not including v1.62.5 ## Available Updates * Enforce Recovery Key Portal v1.62.5 Customers are advised to download the latest Enforce Recovery Key Portal from the Enforce workbench in Tanium Console. Additionally, if users believe the Enforce Recovery Key Portal installation folder may have been accessed by unauthorized parties: - Rotate the server key during installation. - Rotate the API token. - Rotate the recovery key. For more information, visit https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/recovery-portal.html. ## Temporary Workarounds and Mitigations None. ## Acknowledgments None.

Goal Reached Thanks to every supporter — we hit 100%!

Tanium Enforce Recovery Key Portal Insecure File Permissions Vulnerability (CVE-2026-1344)