CVE-2022-4991
Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
CVSS Score
7.4
EPSS Score
0.0%
EPSS Percentile
5th
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.
| Vendor | tychon |
| Product | tychon |
| Published | Jun 1, 2026 |
| Last Updated | Jun 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for tychon tychon
Be the first to know when new high vulnerabilities affecting tychon tychon are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Tychon / Tychon
* < 1.7.857.82