CVE-2026-9156
Published: 27 May 2026
Summary
CVE-2026-9156 is a medium-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Tanium Server. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application Exhaustion Flood (T1499.003); ranked at the 14.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-32034
Vulnerability details
Tanium addressed a denial of service vulnerability in Tanium Server.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-772 resource exhaustion directly enables application-layer DoS against the Tanium Server service.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.