Description
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.
Published: 2026-06-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Tychon incorporates an OpenSSL component that defines an OPENSSLDIR variable pointing to a subdirectory that may be writable by an unprivileged user on Windows. The application contains a privileged service that utilizes this component. By placing a specially crafted openssl.cnf file in the controllable directory, an attacker can cause the service to read that configuration and execute arbitrary code with SYSTEM privileges. This flaw represents a privilege escalation vulnerability that can lead to full system compromise.

Affected Systems

The single affected product is Tychon by the vendor Tychon. No specific versions or build numbers are listed, so all installations using the vulnerable OpenSSL integration are potentially impacted.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog, but the absence of a published CVSS score does not reduce the inherent risk. The described attack requires local access to the machine so that the attacker can write the malicious configuration file to the controllable OpenSSL directory. Once the file is in place, the privileged service loads it and executes code with SYSTEM rights, making exploitation straightforward for an attacker with local user privileges. The potential impact is high, as it bypasses all existing access controls and permits unrestricted code execution on the host.

Generated by OpenCVE AI on June 1, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Restrict file system permissions so that only the SYSTEM account can write to the directory used for OPENSSLDIR and the openssl.cnf file
  • Upgrade Tychon to the latest version that addresses the OpenSSL configuration handling flaw
  • Disable the privileged service that consumes the vulnerable OpenSSL component, or run it only when necessary, to limit exposure

Generated by OpenCVE AI on June 1, 2026 at 18:50 UTC.
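
One way to check the first recommended action on a host, as an added example (not Tychon's or OpenCVE's code). The `$OpenSslDir` default is a placeholder because the advisory does not state the actual path, and the trusted-SID list is an assumption. The script goes slightly beyond the text by walking up to the nearest existing ancestor, since a missing OPENSSLDIR can be created by anyone who can write to its parent.

```powershell
param(
    # Placeholder: the advisory does not state Tychon's actual OPENSSLDIR.
    [string]$OpenSslDir = 'C:\PLACEHOLDER\openssldir'
)

# Assumption: only these principals are expected to hold write access.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (placeholder ACE, applies to the object's creator)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow planting or replacing openssl.cnf.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericMask = 0x50000000  # GENERIC_WRITE | GENERIC_ALL, seen on inherit-only ACEs

function Get-WritableAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs so the check does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        $bits = [int]$ace.FileSystemRights
        if (($bits -band $writeMask) -or ($bits -band $genericMask)) {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# If OPENSSLDIR does not exist, audit the nearest ancestor that does.
$target = $OpenSslDir
while ($target -and -not (Test-Path -LiteralPath $target)) {
    $target = Split-Path -Path $target -Parent
}
if (-not $target) { throw "No existing ancestor found for $OpenSslDir" }

$paths = @($target)
$cnf = Join-Path $OpenSslDir 'openssl.cnf'
if (Test-Path -LiteralPath $cnf) { $paths += $cnf }

$findings = $paths | ForEach-Object { Get-WritableAce -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize }
else { "No unexpected write access on: $($paths -join ', ')" }
```

Any row in the output is a principal outside the trusted list that can create or modify files at the audited location.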


Advisories

No advisories yet.

References
History

Mon, 01 Jun 2026 19:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-250, CWE-755

Mon, 01 Jun 2026 17:00:00 +0000

Type: Description
Values Added: Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

Type: Title
Values Added: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

Type: References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-01T15:49:12.319Z

Reserved: 2026-06-01T15:45:57.665Z

Link: CVE-2022-4991

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-01T17:16:23.143

Modified: 2026-06-01T18:02:29.343

Link: CVE-2022-4991

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T19:00:14Z