216.73.217.80

CVE-2022-4991

· Published 01/06/2026 17:16 · Modified 02/06/2026 17:16

Labels: CVE-2022-4991 2026-06-01CVE-2022-4991[email protected]

Essential information

Published
01/06/2026 17:16
Modified
02/06/2026 17:16
Author
Creator
CVSS
7.4 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
tychon / tychon cpe:2.3:a:tychon:tychon:*:*:*:*:*:*:*:*
openssl / openssl cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

References