PatchSiren cyber security CVE debrief
CVE-2022-4991 Tychon CVE debrief
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.
- Vendor: Tychon
- Product: Unknown
- CVSS: HIGH 7.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-01
- Original CVE updated: 2026-06-02
- Advisory published: 2026-06-01
- Advisory updated: 2026-06-02
Who should care
Organizations running Tychon software on Windows endpoints; security teams managing endpoint detection and response (EDR) or compliance tooling deployments; Windows system administrators responsible for service hardening.
Technical summary
On Windows installations, Tychon bundles an OpenSSL component configured with an OPENSSLDIR variable pointing to a subdirectory that unprivileged users may be able to write to. Because a Tychon service runs with SYSTEM privileges and loads this OpenSSL component, an attacker with local user access can place a malicious openssl.cnf configuration file in the predictable path. OpenSSL processes this configuration file during initialization, which can lead to arbitrary code execution in the context of the privileged service. This represents a classic privileged service configuration weakness where a low-privilege user controls resources consumed by a high-privilege process.
Defensive priority
critical
Recommended defensive actions
- Restrict write access to the Tychon installation directory and any OpenSSL OPENSSLDIR paths to prevent unprivileged users from placing crafted openssl.cnf files.
- Apply the principle of least privilege to Tychon service accounts where possible, pending a vendor patch.
- Monitor for unexpected openssl.cnf files in application directories and service execution paths.
- Track CERT/CC VU#730007 and vendor security advisories for patch availability.
- Review Windows service configurations for Tychon components to identify exposure surface.
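One way to carry out the first and third actions above, as an added example that is not vendor or CERT/CC code: a PowerShell audit that reports which non-administrative principals can write to a candidate OPENSSLDIR and whether an openssl.cnf already exists there. The path is a placeholder because this debrief does not state the real OPENSSLDIR, and the function names and trusted-SID list are assumptions of the example.

```powershell
# Added example (not vendor code). $CandidatePaths holds a placeholder:
# replace it with the OPENSSLDIR compiled into the bundled OpenSSL build.
param([string[]]$CandidatePaths = @('C:\PLACEHOLDER\openssldir'))

# SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
# CREATOR OWNER (S-1-3-0) is an inheritance template, so it is skipped too.
$TrustedSids = @('S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')

# Create file (0x2), create folder (0x4), change permissions (0x40000),
# take ownership (0x80000), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$WriteBits = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

function Get-NearestExistingPath([string]$Path) {
    # If the directory is absent, whoever can create children of its nearest
    # existing ancestor controls it, so that ancestor's ACL is what matters.
    while ($Path -and -not (Test-Path -LiteralPath $Path)) {
        $Path = Split-Path -Path $Path -Parent
    }
    return $Path
}

function Get-UntrustedWriters([string]$Path) {
    $existing = Get-NearestExistingPath $Path
    if (-not $existing) { return }
    $acl = Get-Acl -LiteralPath $existing
    # Ask for SIDs directly so the check does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if ((([int]$ace.FileSystemRights) -band $WriteBits) -eq 0) { continue }
        [pscustomobject]@{
            Requested = $Path
            Checked   = $existing
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
        }
    }
}

foreach ($p in $CandidatePaths) {
    Get-UntrustedWriters $p
    $cnf = Join-Path $p 'openssl.cnf'
    if (Test-Path -LiteralPath $cnf) {
        Write-Warning "openssl.cnf present: $cnf (owner: $((Get-Acl -LiteralPath $cnf).Owner))"
    }
}
```

Any row returned means a principal outside the trusted list can create or replace files under the checked directory; inherit-only entries are reported as well, so review the ACL before tightening it.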
Evidence notes
CVE published 2026-06-01; NVD status Awaiting Analysis. CERT/CC VU#730007 referenced as authoritative source. Vendor identity marked unknown in source data and flagged for review.
Official resources
- CVE-2022-4991 CVE record (CVE.org)
- CVE-2022-4991 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (public)