Primary

Context

Tychon OpenSSL Privilege Escalation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A privilege escalation vulnerability has been identified in Tychon due to its OpenSSL component, which allows an unprivileged user on Windows to control the OPENSSLDIR variable. Tychon includes a privileged service that utilizes this OpenSSL component. By placing a specially-crafted openssl.cnf file in a designated path, a user may execute arbitrary code with SYSTEM privileges.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution with SYSTEM privileges on a Windows system running the affected Tychon version.

Remediation

Users can update to Tychon version 1.7.857.82 to address this vulnerability.

Added: Jun 1, 2026, 6:05 PM

Updated: Jun 1, 2026, 6:05 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.9

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tychon OpenSSL Privilege Escalation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Tychon

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating