PatchSiren

osquery CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH osquery CVE published 2026-07-10

CVE-2026-54001

A local unprivileged attacker can cause a heap buffer out-of-bounds write in osquery prior to 5.23.1 on Windows, potentially leading to local privilege escalation from standard user to SYSTEM. This issue is related to publisher information parsing in getOriginalProgramName when querying the authenticode table targeting a maliciously crafted binary. Users of osquery on Windows, especially those with unpriv [truncated]

HIGH osquery CVE published 2026-07-10

CVE-2026-54000

A local unprivileged attacker can cause a heap buffer out-of-bounds write in osquery prior to 5.23.1 on Windows, potentially leading to local privilege escalation from standard user to SYSTEM. This issue arises from unchecked PEB string lengths in process command-line and current-directory reads when querying the processes table. The vulnerability affects osquery versions prior to 5.23.1 on Windows platforms.

MEDIUM osquery CVE published 2026-07-10

CVE-2026-46388

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads [truncated]