Arbitrary Code Execution Vulnerability in Tychon by a Leading Security Vendor
CVE-2022-4991

Currently unrated

Key Information:

Vendor: Tychon
Status: Tychon
Vendor: CVE Published:; 1 June 2026

What is CVE-2022-4991?

The Tychon software incorporates an OpenSSL component that sets the OPENSSLDIR variable to a directory which can be altered by a non-privileged user on Windows systems. This configuration poses a security risk as it enables malicious users to deploy a specifically crafted openssl.cnf file at a targeted location. If leveraged successfully, this can lead to arbitrary code execution with SYSTEM-level privileges, thereby compromising the security of the entire system.

Affected Version(s)

Tychon * < 1.7.857.82

References

https://www.kb.cert.org/vuls/id/730007

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Jun 1, 2026

CVE-2022-4991 Data

JSON