Heap Buffer Out-of-Bounds Write Vulnerability in osquery by Facebook
CVE-2026-54000
7HIGH
What is CVE-2026-54000?
A vulnerability in osquery prior to version 5.23.1 allows a local unprivileged attacker on Windows systems to exploit heap buffer out-of-bounds writes. This occurs when querying the processes table with a specially crafted process. The vulnerability is rooted in unchecked process Environment Block (PEB) string lengths during command-line and current-directory reads. If leveraged, this could enable an attacker to escalate privileges from a standard user to SYSTEM level, posing a significant security threat. The issue has been mitigated in the recent update, version 5.23.1.
Affected Version(s)
osquery < 5.23.1
