关键漏洞信息 漏洞编号: CVE-2026-1344 Tanium编号: TAN-2026-003 发布日期: February 17, 2026 漏洞描述: Tanium discovered an insecure file permissions vulnerability. 漏洞严重性 严重程度: Medium Base Score: 6.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 影响 This vulnerability could allow an attacker with access to the system running the Enforce Recovery Key Portal to gain read-only access to data they should not have access to. 受影响产品 Enforce Recovery Key Portal from v1.0.0 up to but not including v1.62.5 可用更新 Enforce Recovery Key Portal v1.62.5 建议客户在Tanium Console的Enforce workbench中下载最新的Enforce Recovery Key Portal。 另外,如果用户认为Enforce Recovery Key Portal安装文件夹可能已被未经授权的组织访问: - 在安装过程中旋转服务器密钥。- 旋转API令牌。- 旋转恢复密钥。 有关更多信息,请访问https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/recovery-portal.html。 临时方案和缓解措施 没有。 致谢 无。