CVE-2022-4991
Published: 01 June 2026
Summary
CVE-2022-4991 is a high-severity an unspecified weakness vulnerability. Its CVSS base score is 7.4 (High).
Operationally, ranked at the 16.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-55995
Vulnerability details
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted…
more
openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.