CVE: CVE-2026-2435 ID: TAN-2026-004 Published Date: February 19, 2026 Severity: Medium Vulnerability Description Tanium addressed a SQL injection vulnerability in Asset. Severity: Base Score: 6.3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Impact This vulnerability could allow an authenticated Tanium user with the Asset Report Write permission to read, create, or modify objects in the Asset database that they may otherwise not have access to. Products Affected 2024H2 Release: - Asset prior to Update 21 (v1.32 to v1.32.179) 2025H1 Release: - Asset prior to Update 14 (v1.33 to v1.33.269) 2025H2 Release: - Asset prior to Update 5 (v1.36 to v1.36.108) Available Updates 2024H2 Release: - Update 21 (Asset v1.32.179) and later 2025H1 Release: - Update 14 (Asset v1.33.269) and later 2025H2 Release: - Update 5 (Asset v1.36.108) and later Workaround and Mitigations None. Acknowledgements None.