Skip to main content

Workspace ONE Tunnel EUVDEUVD-2026-42242

| CVE-2026-22927 HIGH
Path Traversal (CWE-22)
2026-07-08 de5a6978-88fe-4c27-a7df-d0d5b52d5b52 GHSA-7c7j-678j-gcch
7.8
CVSS 3.1 · Vendor: de5a6978-88fe-4c27-a7df-d0d5b52d5b52
Share

Severity by source

Vendor (de5a6978-88fe-4c27-a7df-d0d5b52d5b52) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local escalation by an already-authenticated low-privileged user (AV:L, PR:L), no interaction, yielding full SYSTEM control of the host (C/I/A:H, scope unchanged).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (de5a6978-88fe-4c27-a7df-d0d5b52d5b52).

CVSS VectorVendor: de5a6978-88fe-4c27-a7df-d0d5b52d5b52

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 14:33 vuln.today
CVE Published
Jul 08, 2026 - 14:16 cve.org
HIGH 7.8

DescriptionCVE.org

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.

AnalysisAI

Local privilege escalation in Omnissa Workspace ONE Tunnel for Windows lets an authenticated low-privileged local user abuse a path-traversal weakness (CWE-22) to gain higher (likely SYSTEM) privileges on the endpoint. The flaw affects the Windows Tunnel client used for per-app VPN in Workspace ONE managed fleets; no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privileged local access to Windows host
Delivery
Craft malicious traversal path input
Exploit
Tunnel service writes outside intended directory
Execution
Overwrite SYSTEM-executed file
Impact
Escalate to SYSTEM privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold local, low-privileged authenticated access (CVSS PR:L, AV:L) on a Windows endpoint where the Omnissa Workspace ONE Tunnel client for Windows is installed and running as a privileged service; no user interaction is needed (UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a locally exploitable, low-complexity flaw requiring existing low-level privileges and no user interaction, with high impact to all three security properties - internally consistent with a local privilege-escalation primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already has a standard low-privileged account or code execution on a Windows device running Workspace ONE Tunnel supplies a crafted file path that escapes the intended directory, causing the privileged Tunnel service to write or overwrite a file it should not. By redirecting that write to a location loaded or executed by SYSTEM, the attacker escalates from a normal user to full system privileges; no public POC is currently identified.
Remediation Patch available per vendor advisory: update Omnissa Workspace ONE Tunnel for Windows to the fixed release identified in OMSA-2026-0002 (https://www.omnissa.com/omsa-2026-0002); the exact patched version is not specified in the available data and must be taken from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Windows Omnissa Workspace ONE Tunnel installations and document affected versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42242 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy