Chef InSpec Named Pipe Permission Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in Chef InSpec versions prior to 5.24, where named pipes are created with default Windows access controls that are too permissive. This flaw allows a local attacker to interfere with the pipe connection process and exploit the inadequate access restrictions to gain access to the InSpec execution context. Such an exploitation could lead to elevated privileges or operational disruption.

Impact

Exploitation of this vulnerability could allow a local attacker to gain elevated privileges or disrupt operations by interfering with the InSpec execution context.

Added: Jan 30, 2026, 2:22 PM

Updated: Jan 30, 2026, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

7.5

exploitability

2.9

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

7.5

exploitability

2.9

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Chef InSpec Named Pipe Permission Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

Chef InSpec

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating